Privileges
Users are granted access to these features via privileges. Privileges are flags that indicate whether or not a user has a given ability to affect UOS. Most users have no privileges for security purposes - that way if the user runs a virus, it cannot harm the rest of the system. There are four privileges that affect the operation of protections:
- BYPASS - User has RWED access to all files, bypassing file protections
- READALL - User has read access to all files, bypassing file protections
- SYSPRV - User accesses all files via the file's system protection
- GRPPRV - User accesses all files via the file's group protection
The remaining privileges are:
- ACNT - Run processes with accounting disabled.
- ALLSPOOL - Allows user to allocate spooled devices.
- ALTPRI - Alter priorities.
- AUDIT - Allow audit records to be written.
- BUGCHK - Allow messages to error logger.
- CMEXEC - Allow calls to Change Mode to Supervisor system service.
- CMKRNL - Allow call to Change Mode to Kernel/Executive system service.
- DIAGNOSE - Allow user to run diagnostics and intercept error log messages.
- EXQUOTA - Allows user to exceed usage quotas.
- GROUP - Allows user to affect other processes belonging to common group.
- GRPNAM - Allows user to use /GROUP on mount and dismount operations.
- IMPERSONATE - Allows detached processes to be created with a different UIC.
- LOG_IO - Allow certain device control functions.
- MOUNT - Allows user to mount volumes.
- NETMBX - Allow network control operations.
- OPER - Allows use of OPCOM.
- PFNMAP - Allows unrestricted access to physical memory.
- PHY_IO - Allows physical I/O operations.
- PRMCEB - Allows creation/deletion of permanent common event flag clusters.
- PRMGBL - Allows creation/deletion of permanent global sections.
- PRMMBX - Allows creation/deletion of permanent mailboxes.
- PSWAPM - Allows control of swapping operations.
- SECURITY - Allow user to perform security-related functions.
- SETPRV - Allows user to create processes that have privileges greater than the user.
- SHARE - Allows user to open assigned devices or to assign nonshared devices.
- SHMEM - Allows user to create global sections and mailboxes in memory shared by multiple processors.
- SYSGBL - Allows user to create/delete system global sections.
- SYSLCK - Allows user to process locks.
- SYSNAM - Allows user to bypass access controls on system symbol tables.
- TMPMBX - Allows user to create temporary mailbox.
- VOLPRO - Allows user to override protections on volumes.
- WORLD - Allows user to control any/all other processes.
A user cannot grant privileges to any object that are greater than the privileges he has. For instance, a program can create sub-processes. These new processes can be granted any privileges that the user running the program has, but they cannot be granted privileges that the creator process doesn't have. The one exception to the rule is that the SETPRV privilege allows a process to grant additional privileges to itself or another process. It is possible, however, for a user to grant privileges to an executable such that any user that runs the executable will have those privileges while the program is running, even if the user running the program doesn't have those privileges. Certain CUSPs have such privileges in order to perform functions on behalf of a user without otherwise sufficient privileges.
A running process has four sets of privilege:
- Granted privileges: These are the privileges granted to the user account.
- Current privileges: This is a subset of the granted privileges that indicate which privileges are currently in effect.
- Program privileges: These are the privileges granted to the currently running program. If a program is not running, these flags are all cleared.
- Effective privileges: These are the Current privileges merged with any Program privileges.
Whenever the user makes a request to UOS, it is the Effective privileges that are checked - regardless of the Granted privileges.
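The following is an added example (not UOS code) that models the four privilege sets above and the sub-process rule from the preceding paragraph: Effective is Current merged with Program, Current is always a subset of Granted, program privileges vanish when the image exits, and a creator cannot hand a child privileges it does not effectively hold unless it has SETPRV. The `Priv` flag values and the `Process` class are constructed for illustration, not UOS's real encoding.

```python
from enum import IntFlag

class Priv(IntFlag):
    """A subset of the UOS privilege flags listed above; the bit positions
    are chosen for this example and are not UOS's real encoding."""
    BYPASS = 1 << 0
    READALL = 1 << 1
    SYSPRV = 1 << 2
    GRPPRV = 1 << 3
    SETPRV = 1 << 4
    WORLD = 1 << 5
    TMPMBX = 1 << 6
    NETMBX = 1 << 7

NONE = Priv(0)

class Process:
    """Tracks the four privilege sets of one running process (hypothetical model)."""
    def __init__(self, granted):
        self.granted = granted      # from the user account
        self.current = granted      # in effect now; always a subset of granted
        self.program = NONE         # from the running image; cleared when none runs

    @property
    def effective(self):
        # Every request is checked against this, never against granted directly.
        return self.current | self.program

    def has(self, priv):
        return (self.effective & priv) == priv

    def set_current(self, wanted):
        # Current can only ever enable privileges that are actually granted.
        self.current = Priv(int(wanted) & int(self.granted))

    def run_program(self, installed):
        # Privileges installed on an executable apply only while it runs.
        self.program = installed

    def exit_program(self):
        self.program = NONE

    def spawn(self, requested):
        """Create a sub-process. The child may receive any privilege the
        creator effectively holds; anything beyond that is refused unless
        the creator holds SETPRV."""
        excess = Priv(int(requested) & ~int(self.effective))
        if excess and not self.has(Priv.SETPRV):
            raise PermissionError(f"creator lacks {excess}")
        return Process(granted=requested)
```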