System Administration Guide: Advanced Administration

Enabling setuid Programs to Produce Core Files

You can use the coreadm command to enable or disable setuid programs to produce core files for all system processes or on a per-process basis by setting the following paths:

By default, both flags are disabled. For security reasons, the global core file path must be a full pathname, starting with a leading /. If superuser disables per-process core files, individual users cannot obtain core files.

The setuid core files are owned by superuser with read/write permissions for superuser only. Regular users cannot access them even if the process that produced the setuid core file was owned by an ordinary user.

For more information, see the coreadm(1M) man page.