Solaris 10 What's New

Privileges for Software Developers

This feature is new in the Software Express pilot program. This feature is included in the Solaris 10 3/05 release.

Processes need no longer run as root to have superuser capabilities. Instead, superuser capabilities can be parceled out by system administrators as discrete process rights. These process rights are implemented through privileges. Privileges enable developers to limit access to restricted operations and limit the periods for which privileges are in effect. The use of privileges can reduce the harm that formerly resulted if a privileged program was compromised. For compatibility, unmodified programs that run as root continue to have all privileges.

For general information about privileges, see Process Rights Management. For information about setting and getting privileges, see the setppriv(2) and getppriv(2) man pages. To learn more about manipulating privileges, see the priv_str_to_set(3C) and the priv_addset(3C) man pages.

For further information, see the Solaris Security for Developers Guide.