System Administration Guide: Virtualization Using the Solaris Operating System

Using the ppriv Utility

Use the ppriv utility to display the zone's privileges.

ProcedureHow to List Solaris Privileges in the Global Zone

Use the ppriv utility with the -l option to list the privileges available on the system.

  1. At the prompt, type ppriv -l zone to report the set of privileges available in the zone.


    global# ppriv -l zone
    

    You will see a display similar to this:


    contract_event
    contract_observer
    cpc_cpu
    .
    .
    .

ProcedureHow to List the Non-Global Zone's Privilege Set

Use the ppriv utility with the -l option and the expression zone to list the zone's privileges.

  1. Log into the non-global zone. This example uses a zone named my-zone.

  2. At the prompt, type ppriv -l zone to report the set of privileges available in the zone.


    my-zone# ppriv -l zone
    

    You will see a display similar to this:


    contract_event
    contract_observer
    file_chown
    
    .
    .
    .

ProcedureHow to List a Non-Global Zone's Privilege Set With Verbose Output

Use the ppriv utility with the -l option, the expression zone, and the -v option to list the zone's privileges.

  1. Log into the non-global zone. This example uses a zone named my-zone.

  2. At the prompt, type ppriv -l -v zone to report the set of privileges available in the zone, with a description of each privilege.


    my-zone# ppriv -lv zone
    

    You will see a display similar to this:


    contract_event
            Allows a process to request critical events without limitation.
            Allows a process to request reliable delivery of all events on
            any event queue.
    contract_observer
            Allows a process to observe contract events generated by
            contracts created and owned by users other than the process's
            effective user ID.
            Allows a process to open contract event endpoints belonging to
            contracts created and owned by users other than the process's
            effective user ID.
    file_chown
            Allows a process to change a file's owner user ID.
            Allows a process to change a file's group ID to one other than
            the process' effective group ID or one of the process'
            supplemental group IDs.
    .
    .
    .