Manual Reference Pages - PRIVMAN (7)
Privman - A library for privilege separation.
Privman is a library that makes it easy for programs to use privilege
separation, a technique that prevents the leak or misuse of privilege
from applications that must run with some elevated permissions.
Privman-managed processes can implement fine grained control of root
privilege on common Unix-based operating systems.
Applications that use the Privman library split into two halves: the half
that performs valid privileged operations, and the half that contains the
application's logic. The Privman library simplifies the otherwise complex
task of separating the application, protecting the system from compromise
if an error in the application's logic is found.
The library uses configuration files (
) to allow fine-grained access control decisions for the privileged
operations, limiting exposure in the event of an attack against the
application. If the application is compromised, the attacker gains
only the privileges of an unprivileged user, and the specific privileges
granted to the application by the application's Privman configuration file.
Application-specific configuration files. See
for further details.
The include file for the library.
The library itself. On most systems, you will need to link against
libpam and libpam_misc in addition to libprivman.
A Privman managed program will generally start with a call to
priv_init() splits the process: the still-privileged parent listens to a
pipe for requests, the child drops privilege and returns from
After priv_init(), continue normally. When you need to invoke a privileged
operation "foo()", use "priv_foo()" instead. For example, if you want your
server to bind to a low port, you would pass the socket to
instead of bind(2).
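The parent/child split described above, as a hand-rolled sketch (an added example, not Privman's code or API): the parent stays privileged, checks a one-entry port policy and hands a bound socket to the unprivileged child over a Unix socket. The names privsep_demo, send_fd and recv_fd, the single allowed-port policy and uid/gid 65534 are assumptions; unlike the flow on this page, where the child passes its own socket in, here the monitor creates the socket itself.

```c
/* Added example: hand-rolled monitor/worker split, not Privman's own code. */
#include <arpa/inet.h>
#include <grp.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
typedef union { struct cmsghdr h; char buf[CMSG_SPACE(sizeof(int))]; } fdbuf;
/* Monitor -> worker: pass an open descriptor over the channel (SCM_RIGHTS). */
static int send_fd(int chan, int fd) {
    char ok = 1; fdbuf u; struct iovec iov = { &ok, 1 };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS; c->cmsg_len = CMSG_LEN(sizeof fd);
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(chan, &m, 0) == 1 ? 0 : -1;
}
/* Worker: returns the granted descriptor, or -1 if the monitor refused. */
static int recv_fd(int chan) {
    char ok; int fd = -1; fdbuf u; struct iovec iov = { &ok, 1 };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (recvmsg(chan, &m, 0) != 1) return -1;    /* EOF: request refused */
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (c && c->cmsg_type == SCM_RIGHTS) memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}
/* Parent = monitor for one bind request. Returns worker exit status: 0 = got socket, 1 = refused. */
int privsep_demo(uint16_t want, uint16_t allowed) {
    int sp[2], s = -1, st; uint16_t req; pid_t pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) || (pid = fork()) < 0) return -1;
    if (pid == 0) {              /* worker: drop to assumed "nobody" id 65534 */
        close(sp[0]);
        if (geteuid() == 0 && (setgroups(0, NULL) || setgid(65534) || setuid(65534))) _exit(2);
        if (write(sp[1], &want, sizeof want) != sizeof want) _exit(2);
        _exit(recv_fd(sp[1]) >= 0 ? 0 : 1);
    }
    close(sp[1]);                /* monitor: check policy before acting */
    if (read(sp[0], &req, sizeof req) == sizeof req && req == allowed) {
        struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(req),
                                 .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
        s = socket(AF_INET, SOCK_STREAM, 0);
        if (s >= 0) { if (bind(s, (struct sockaddr *)&a, sizeof a) == 0) send_fd(sp[0], s); close(s); }
    }
    close(sp[0]);                /* a refused worker simply sees EOF */
    waitpid(pid, &st, 0);
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}
int main(void) { return privsep_demo(0, 0); }  /* port 0: kernel picks one, no root needed */
```

Run as root with a low port as both arguments to see the case the page describes: the worker ends up holding a socket it could not have bound itself.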
The API may seem a bit complex.
There is no permission checking on the chroot jail for either execve or
Network Associates. Send email to <firstname.lastname@example.org>
|Unix ||PRIVMAN (7) ||SEPTEMBER 2002 |