aa12cea2cc
Although groff_mdoc(7) gives another impression, this is the ordering most widely used and also required by mdocml/mandoc. Reviewed by: ru Approved by: philip, ed (mentors)
83 lines
2.6 KiB
Groff
83 lines
2.6 KiB
Groff
.\"
|
|
.\" Copyright (c) 2003 Joseph Koshy <jkoshy@freebsd.org>
|
|
.\"
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" This program is free software.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
|
|
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
.\"
|
|
.\" $FreeBSD$
|
|
.\"
|
|
.Dd November 11, 2003
|
|
.Dt CR_SEEOTHERGIDS 9
|
|
.Os
|
|
.Sh NAME
|
|
.Nm cr_seeothergids
|
|
.Nd determine visibility of objects given their group memberships
|
|
.Sh SYNOPSIS
|
|
.Ft int
|
|
.Fn cr_seeothergids "struct ucred *u1" "struct ucred *u2"
|
|
.Sh DESCRIPTION
|
|
This function determines the visibility of objects in the
|
|
kernel based on the group IDs in the credentials
|
|
.Fa u1
|
|
and
|
|
.Fa u2
|
|
associated with them.
|
|
.Pp
|
|
The visibility of objects is influenced by the
|
|
.Xr sysctl 8
|
|
variable
|
|
.Va security.bsd.see_other_gids .
|
|
If this variable is non-zero then all objects in the kernel
|
|
are visible to each other irrespective of their group membership.
|
|
If this variable is zero then the object with credentials
|
|
.Fa u2
|
|
is visible to the object with credentials
|
|
.Fa u1
|
|
if either
|
|
.Fa u1
|
|
is the super-user credential, or if at least one of
|
|
.Fa u1 Ns 's
|
|
group IDs is present in
|
|
.Fa u2 Ns 's
|
|
group set.
|
|
.Sh SYSCTL VARIABLES
|
|
.Bl -tag -width indent
|
|
.It Va security.bsd.see_other_gids
|
|
Must be non-zero if objects with unprivileged credentials are to be
|
|
able to see each other.
|
|
.El
|
|
.Sh RETURN VALUES
|
|
This function returns zero if the object with credential
|
|
.Fa u1
|
|
can
|
|
.Dq see
|
|
the object with credential
|
|
.Fa u2 ,
|
|
or
|
|
.Er ESRCH
|
|
otherwise.
|
|
.Sh SEE ALSO
|
|
.Xr cr_seeotheruids 9 ,
|
|
.Xr p_candebug 9
|