cr_seeothergids (9)

Leading comments

Copyright (c) 2003 Joseph Koshy <jkoshy@FreeBSD.org>

All rights reserved.

This program is free software.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the fol...

(The comments found at the beginning of the groff file "man9/cr_seeothergids.9freebsd".)

NAME

cr_seeothergids - determine visibility of objects given their group memberships

SYNOPSIS

Ft int Fn cr_seeothergids struct ucred *u1 struct ucred *u2

DESCRIPTION

This function determines the visibility of objects in the kernel based on the group IDs in the credentials Fa u1 and Fa u2 associated with them.

The visibility of objects is influenced by the sysctl(8) variable security.bsd.see_other_gids If this variable is non-zero then all objects in the kernel are visible to each other irrespective of their group membership. If this variable is zero then the object with credentials Fa u2 is visible to the object with credentials Fa u1 if either Fa u1 is the super-user credential, or if at least one of Fa u1 Ns 's group IDs is present in Fa u2 Ns 's group set.

SYSCTL VARIABLES

security.bsd.see_other_gids

Must be non-zero if objects with unprivileged credentials are to be able to see each other.

RETURN VALUES

This function returns zero if the object with credential Fa u1 can ``see'' the object with credential Fa u2 , or Er ESRCH otherwise.

SEE ALSO

cr_seeotheruids9, p_candebug9