Parent Previous Next


Users are granted access to these features via privileges. Privileges are flags that indicate whether or not a user has a given ability to affect UOS. Most users have no privileges for security purposes - that way if the user runs a virus, it cannot harm the rest of the system. There are four privileges that affect the operation of protections:

The remaining privileges are:

A user cannot grant privileges to any object that are greater than the privileges he has. For instance, a program can create sub-processes. These new processes can be granted any privileges that the user running the program has, but they cannot be granted privileges that the creator process doesn't have. The one exception to the rule is that the SETPRV privileges allows a process to grant additional privileges to itself or another process. It is possible, however, for a user to grant privileges to a exectuable such that any user that runs the executable will have those privileges while the program is running, even if the user running the program doesn't have those privileges. Certain CUSPs have such privileges in order to perform functions on behalf of a user without otherwise sufficient privileges.

A running process has four sets of privilege:

Whenever the user makes a request to UOS, the Effective privileges are checked against - regardless of the Granted privileges.