System Administration Guide: Security Services

Procedure: How to Determine the Privileges on a Process

This procedure shows how to determine which privileges are available to your processes. The listing does not include privileges that have been assigned to particular commands.

  1. List the privileges that are available to your shell's process.


    % ppriv pid
    $ ppriv -v pid
    
    pid

    Is the process number. Use a double dollar sign ($$) to pass the process number of the parent shell to the command.

    -v

    Provides a verbose listing of the privilege names.


Example 11–1 Determining the Privileges in Your Current Shell

In the following example, the first command lists the privileges in the parent process of the user's shell process. The second command lists the full names of the privileges. The single letters in the output refer to the following privilege sets:

E

Is the effective privilege set.

I

Is the inheritable privilege set.

P

Is the permitted privilege set.

L

Is the limit privilege set.


% ppriv $$
1200:   -csh
flags = <none>
        E: basic
        I: basic
        P: basic
        L: all
% ppriv -v $$
1200:   -csh
flags = <none>
        E: file_link_any,proc_exec,proc_fork,proc_info,proc_session
        I: file_link_any,proc_exec,proc_fork,proc_info,proc_session
        P: file_link_any,proc_exec,proc_fork,proc_info,proc_session
        L: cpc_cpu,dtrace_kernel,dtrace_proc,dtrace_user,…,sys_time


Example 11–2 Determining the Privileges of a Role That You Can Assume

Roles use an administrative shell, or profile shell. You must assume a role and use the role's shell to list the privileges that have been directly assigned to the role. In the following example, the role sysadmin has no directly assigned privileges.


% su - sysadmin
Password: <Type sysadmin password>
$ /usr/ucb/whoami
sysadmin
$ ppriv -v $$
1400:   pfksh
flags = <none>
        E: file_link_any,proc_exec,proc_fork,proc_info,proc_session
        I: file_link_any,proc_exec,proc_fork,proc_info,proc_session
        P: file_link_any,proc_exec,proc_fork,proc_info,proc_session
        L: cpc_cpu,dtrace_kernel,dtrace_proc,dtrace_user,…,sys_time
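
As an added example (not part of the original guide), the following shell function reads `ppriv -v` output and reports the privileges in a chosen set (E, I, P or L) that fall outside the basic set expanded in Example 11–1. The names `extra_privs` and `sample_ppriv`, the process ID 1500, the process name `exampled` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: find privileges beyond the basic set in `ppriv -v` output.

# Basic set exactly as `ppriv -v` expands it in Example 11-1.
BASIC="file_link_any,proc_exec,proc_fork,proc_info,proc_session"

# extra_privs SET
# Reads `ppriv -v` output on stdin and prints, comma-separated, the
# privileges in SET (E, I, P or L) that are not in $BASIC.
# Prints an empty line when the set holds nothing beyond basic.
extra_privs() {
    awk -v want="$1" -v basic="$BASIC" '
        BEGIN {
            n = split(basic, b, ",")
            for (i = 1; i <= n; i++) is_basic[b[i]] = 1
        }
        # Set lines look like "        E: priv1,priv2,..."
        $1 == (want ":") {
            m = split($2, p, ",")
            out = ""
            for (i = 1; i <= m; i++)
                if (p[i] != "" && !(p[i] in is_basic))
                    out = out (out == "" ? "" : ",") p[i]
            print out
        }'
}

# Constructed sample: a hypothetical process that holds sys_time in its
# effective set and dtrace_user,sys_time in its permitted and limit sets.
sample_ppriv() {
    cat <<'EOF'
1500:   exampled
flags = <none>
        E: file_link_any,proc_exec,proc_fork,proc_info,proc_session,sys_time
        I: file_link_any,proc_exec,proc_fork,proc_info,proc_session
        P: dtrace_user,file_link_any,proc_exec,proc_fork,proc_info,proc_session,sys_time
        L: dtrace_user,file_link_any,proc_exec,proc_fork,proc_info,proc_session,sys_time
EOF
}

# On a live system, replace sample_ppriv with:  ppriv -v $$
sample_ppriv | extra_privs E
```

An empty result for E, I and P matches the unprivileged shells shown in Examples 11–1 and 11–2; any name that is printed is a privilege the process holds beyond basic.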