Process rights management in Oracle Solaris is implemented by privileges. Privileges enable processes to be restricted at the level of command, user, role, and specific system resource. Privileges decrease the security risk that is associated with one user or one process having full superuser powers on a system. Process rights and user rights provide a compelling alternative model to the traditional superuser model.
Traditionally, privileges are used to add rights. However, privileges can also be used to restrict rights, for example, changing a setuid root program to a program that is privilege-aware. Also, with an extended privilege policy, administrators can allow only specified privileges to be used with a file object, user ID, or port. This fine-grained privilege assignment denies all other privileges except basic privileges to these resources.
For information about extended privilege policy and restrictive privileges, see Using Extended Privilege Policy to Restrict Privilege Use.
For information about user rights, see User Rights Management.
For information about how to administer privileges, see Chapter 3, Assigning Rights in Oracle Solaris.
For reference information about privileges, see Privileges Reference.