Privileges in Oracle Solaris - Oracle® Solaris 11 Security Guidelines

Oracle^® Solaris 11 Security Guidelines

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Oracle^® Solaris 11 Security ... » About Oracle Solaris Security » Protecting and Isolating Applications » Privileges in Oracle Solaris

Updated: August 2014

Oracle^® Solaris 11 Security Guidelines

Document Information

Using This Documentation

Chapter 1 About Oracle Solaris Security

What's New in Security Features in Oracle Solaris 11.2

Oracle Solaris 11 Security After Installation

System Access Is Limited and Monitored

Kernel, File, and Desktop Protections Are in Place

Oracle Hardware Management Package

Oracle Solaris Configurable Security

Protecting Data

File Permissions and Access Control Entries

Cryptographic Services

Oracle Solaris ZFS File System

Java Cryptography Extension

Protecting and Isolating Applications

Privileges in Oracle Solaris

Oracle Solaris Zones

Address Space Layout Randomization

Service Management Facility

Protecting Users and Assigning Additional Rights

Passwords and Password Constraints

Pluggable Authentication Modules

User Rights Management

Securing Network Communications

Packet Filtering

Maintaining System Security

Package Integrity Verification

File Integrity Verification

Compliance to Security Standards

Labeled Security

Trusted Extensions Feature in Oracle Solaris

Labeled Filesystem

Labeled Network Communications

Trusted Extensions Multilevel Desktop

Oracle Solaris 11 Common Criteria EAL4+ Certification

Site Security Policy and Practice

Chapter 2 Configuring Oracle Solaris Security

Chapter 3 Maintaining and Monitoring Oracle Solaris Security

Appendix A Bibliography for Oracle Solaris Security

Language:

Privileges in Oracle Solaris

Privileges are fine-grained, discrete rights on processes that are enforced in the kernel. Oracle Solaris defines over 80 privileges, ranging from basic privileges like file_read to more specialized privileges like proc_clock_highres. Privileges can be granted to a process, a user, or a role. Many Oracle Solaris commands and daemons run with just the privileges that are required to perform their task. Privilege-aware programs can prevent intruders from gaining more privileges than the program itself uses.

The use of privileges is also called process rights management. Privileges enable organizations to specify, hence limit, which privileges are granted to services and processes that run on their systems.

For more information, see the following:

Process Rights Management in Securing Users and Processes in Oracle Solaris 11.2
Chapter 2, Developing Privileged Applications, in Developer’s Guide to Oracle Solaris 11 Security
Selected man pages include ppriv (1) and privileges (5) .

Copyright © 2011, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices