System Administration Guide: Security Services

Administrative Differences on a System With Privileges

A system that has privileges has several visible differences from a system that does not have privileges. The following table lists some of the differences.

Table 8–2 Visible Differences Between a System With Privileges and a System Without Privileges

| Feature | No Privileges | Privileges |
|---|---|---|
| Daemons | Daemons run as root. | Daemons run as the user daemon. For example, the following daemons have been assigned appropriate privileges and run as daemon: lockd, nfsd, and rpcbind. |
| Log File Ownership | Log files are owned by root. | Log files are now owned by daemon, who created the log file. The root user does not own the file. |
| Error Messages | Error messages refer to superuser. For example, chroot: not superuser. | Error messages reflect the use of privileges. For example, the equivalent error message for chroot failure is chroot: exec failed. |
| setuid Programs | Programs use setuid to complete tasks that ordinary users are not allowed to perform. | Many setuid programs have been changed to run with privileges. For example, the following utilities use privileges: rsh, rlogin, rcp, rdist, ping, traceroute, and newtask. |
| File Permissions | Device permissions are controlled by DAC. For example, members of the group sys can open /dev/ip. | File permissions (DAC) do not predict who can open a device. Devices are protected with DAC and device policy. For example, the /dev/ip file has 666 permissions, but the device can only be opened by a process with the appropriate privileges. Raw sockets are still protected by DAC. |
| Audit Events | Auditing the use of the su command covers many administrative functions. | Auditing the use of privileges covers most administrative functions. The pm and as audit classes include audit events that configure device policy and audit events that set privileges. |
| Processes | Processes are protected by who owns the process. | Processes are protected by privileges. Process privileges and process flags are visible as a new entry in the /proc/<pid> directory, priv. |
| Debugging | No reference to privileges in core dumps. | The ELF note section of core dumps includes information about process privileges and flags in the NT_PRPRIV and NT_PRPRIVINFO notes. The ppriv utility and other utilities show the proper number of properly sized sets. The utilities correctly map the bits in the bit sets to privilege names. |
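The Daemons and Processes rows can be checked on a host. The following is an added example, not part of the guide: it reports any of the three named daemons that is not running as daemon, and tests whether a process's effective set is the full set. The function names are hypothetical, and the ps and ppriv output, including the privilege names in it, is a constructed sample.

```sh
# Added example, not from the guide. Needs a POSIX shell, awk and sed
# (on Solaris: ksh or bash, with nawk or the /usr/xpg4/bin tools).

WATCH="lockd nfsd rpcbind"   # daemons the table names as running as daemon

# stdin: `ps -e -o user= -o comm=` lines.
# stdout: "name:user" for each watched daemon not running as daemon.
not_as_daemon() {
    awk -v watch="$WATCH" '
        BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        {
            k = split($2, parts, "/"); name = parts[k]   # basename of comm
            if ((name in want) && $1 != "daemon") print name ":" $1
        }'
}

# stdin: `ppriv <pid>` output. stdout: the effective (E) privilege set.
effective_set() {
    sed -n 's/^[[:space:]]*E:[[:space:]]*//p'
}

# Succeeds when the effective set is the full set ("all", or "zone" inside
# a non-global zone), meaning the process is not running with reduced privileges.
is_full_set() {
    case "$1" in all|zone) return 0 ;; esac
    return 1
}

# Constructed sample input; on a live system, pipe in the real commands.
sample_ps() { cat <<'EOF'
daemon /usr/sbin/rpcbind
daemon /usr/lib/nfs/lockd
root /usr/lib/nfs/nfsd
root /usr/sbin/syslogd
EOF
}
sample_ppriv() { cat <<'EOF'
312:    /usr/sbin/rpcbind
flags = PRIV_AWARE
        E: net_privaddr,proc_fork,sys_nfs
        I: none
        P: net_privaddr,proc_fork,sys_nfs
        L: none
EOF
}

sample_ps | not_as_daemon                      # prints: nfsd:root
e=$(sample_ppriv | effective_set)
if is_full_set "$e"; then echo "full set"; else echo "limited set: $e"; fi
```

On a live system, replace `sample_ps` with `ps -e -o user= -o comm=` and `sample_ppriv` with `ppriv` followed by the process ID.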