xref: /freebsd-11-stable/share/man/man9/cr_seeothergids.9 (revision 62486687ed63a5e029d0830bb5cd92cdceeb6b18) 
1.\"
2.\" Copyright (c) 2003 Joseph Koshy <jkoshy@FreeBSD.org>
3.\"
4.\" All rights reserved.
5.\"
6.\" This program is free software.
7.\"
8.\" Redistribution and use in source and binary forms, with or without
9.\" modification, are permitted provided that the following conditions
10.\" are met:
11.\" 1. Redistributions of source code must retain the above copyright
12.\"    notice, this list of conditions and the following disclaimer.
13.\" 2. Redistributions in binary form must reproduce the above copyright
14.\"    notice, this list of conditions and the following disclaimer in the
15.\"    documentation and/or other materials provided with the distribution.
16.\"
17.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
18.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
21.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27.\"
28.\" $FreeBSD$
29.\"
30.Dd November 11, 2003
31.Dt CR_SEEOTHERGIDS 9
32.Os
33.Sh NAME
34.Nm cr_seeothergids
35.Nd determine visibility of objects given their group memberships
36.Sh SYNOPSIS
37.Ft int
38.Fn cr_seeothergids "struct ucred *u1" "struct ucred *u2"
39.Sh DESCRIPTION
40This function determines the visibility of objects in the
41kernel based on the group IDs in the credentials
42.Fa u1
43and
44.Fa u2
45associated with them.
46.Pp
47The visibility of objects is influenced by the
48.Xr sysctl 8
49variable
50.Va security.bsd.see_other_gids .
51If this variable is non-zero then all objects in the kernel
52are visible to each other irrespective of their group membership.
53If this variable is zero then the object with credentials
54.Fa u2
55is visible to the object with credentials
56.Fa u1
57if either
58.Fa u1
59is the super-user credential, or if at least one of
60.Fa u1 Ns 's
61group IDs is present in
62.Fa u2 Ns 's
63group set.
64.Sh SYSCTL VARIABLES
65.Bl -tag -width indent
66.It Va security.bsd.see_other_gids
67Must be non-zero if objects with unprivileged credentials are to be
68able to see each other.
69.El
70.Sh RETURN VALUES
71This function returns zero if the object with credential
72.Fa u1
73can
74.Dq see
75the object with credential
76.Fa u2 ,
77or
78.Er ESRCH
79otherwise.
80.Sh SEE ALSO
81.Xr cr_seeotheruids 9 ,
82.Xr p_candebug 9
83