privilege Token

The privilege token records the use of privileges on a process. The privilege token is not recorded for privileges in the basic set. If a privilege has been removed from the basic set by administrative action, then the use of that privilege is recorded. For more information on privileges, see Privileges (Overview)

The privilege token contains the following fields:

• A token ID that identifies this token as a privilege token

• The length of the following field

• The name of privilege set

• The length of the following field

• The list of privileges

The praudit -x command shows the fields of the privilege token. The line is wrapped for display purposes.

<privilege set-type="Effective">file_chown,file_dac_read,
file_dac_write,net_privaddr,proc_exec,proc_fork,proc_setid</privilege>