Ability domains
QNX SDP8.0Programmer's GuideDeveloper
The process manager supports PROCMGR_ADN_ROOT and PROCMGR_ADN_NONROOT flags that indicate which domain an ability applies to.
These flags let a process further limit what actions can be carried out depending on its effective user ID:
- PROCMGR_ADN_ROOT
- Modify the ability of the process when it has an effective user ID of 0.
- PROCMGR_ADN_NONROOT
- Modify the ability of the process when it has an effective user ID other than 0.
The following example shows how you can retain a specific ability for your
process, before dropping root privileges.
In the following example, the PROCMGR_AID_PATHSPACE ability is
being allowed for non-root users:
procmgr_ability( 0, PROCMGR_ADN_NONROOT
| PROCMGR_AOP_ALLOW
| PROCMGR_AID_PATHSPACE,
PROCMGR_AID_EOL);
setreuid(new_user, new_user);
setregid(new_group, new_group);
Page updated: