The dtrace_user privilege permits use of the profile and syscall providers with some caveats, and the use of the following actions and variables:
|
The dtrace_user privilege provides only visibility to those processes to which the user already has permission; it does not allow any visibility into kernel state or activity. With this privilege, users may enable the syscall provider, but the enabled probes will only activate in processes to which the user has permission. Similarly, the profile provider may be enabled, but the enabled probes will only activate in processes to which the user has permission, never in the Oracle Solaris kernel.
This privilege permits the use of instrumentation that, while only allowing visibility into particular processes, can affect overall system performance. The syscall provider has some small performance impact on every system call for every process. The profile provider affects overall system performance by executing every time interval, similar to a real-time timer. Neither of these performance degradations is so great as to severely limit the system's progress, but system administrators should consider the implications of granting a user this privilege. Refer to syscall Provider and profile Provider for a discussion of the performance impact of the syscall and profile providers.