Trusted Solaris Developer's Guide

Privileges

Privileges let a process perform tasks that the system security policy would otherwise prohibit. In the Solaris operating environment, a process with an effective user ID of 0 (superuser) can bypass the system security policy entirely, while processes running under any other user ID have limited powers. In the Trusted Solaris environment, there is no superuser. Instead, a process with any user ID can be assigned specific privileges, each of which grants a defined, narrowly scoped security-related power. See priv_desc(4) for the list of privileges and the tasks each one allows a process to perform.

Most applications do not use privileges because they do not need security-related powers to run. An application that does use privileges is part of the Trusted Computing Base (TCB) and should be coded carefully so that it does not expose information in inappropriate ways. "Security Policy" provides guidelines to help you decide when privileges might be needed, and Chapter 3, Privileges, provides information and guidelines for coding privileged programs.