Developer's Guide to Oracle® Solaris 11 Security

Exit Print View

Updated: July 2014

Privilege Categories

    Privileges are logically grouped on the basis of the scope of the privilege, as follows:

  • Basic privileges – The basic privileges are privileges granted to processes that were not privileged in previous Oracle Solaris releases. By default, each process and each user is assigned all basic privileges; however they can be taken away to further restrict a process.

    • PRIV_FILE_LINK_ANY – Allows a process to create hard links to files that are owned by a UID other than the process's effective UID.

    • PRIV_PROC_EXEC – Allows a process to call execve().

    • PRIV_PROC_FORK – Allows a process to call fork(), fork1(), or vfork().

    • PRIV_PROC_SESSION – Allows a process to send signals or trace processes outside its session.

    • PRIV_PROC_INFO – Allows a process to examine the status of processes outside of those processes to which the inquiring process can send signals. Without this privilege, processes that cannot be seen in /proc cannot be examined.

    • PRIV_FILE_READ – Allows a process to read objects in the filesystem.

    • PRIV_FILE_WRITE – Allows a process to modify objects in the filesystem.

    • PRIV_NET_ACCESS – Allows a process to open a TCP, UDP, SDP, or SCTP network endpoint.

    Initially, the basic privileges should be assigned as a set rather than individually for a program. This approach ensures that any basic privileges that are released in an update to the Oracle Solaris OS will be included in the assignment. However, when computing the needed privilege set for a program, it is important to remove basic privileges that are not needed and add other privileges that will be needed by the program. For example, the proc_exec privilege should be turned off if the program is not intended to exec(1) sub-processes.

  • File system privileges.

  • System V Interprocess Communication (IPC) privileges.

  • Network privileges.

  • Process privileges.

  • System privileges.

See the privileges(5) man page for a complete list of the Oracle Solaris privileges with descriptions.

Note - Oracle Solaris provides the zones facility, which lets an administrator set up isolated environments for running applications. See zones(5) for more information. Since a process in a zone is prevented from monitoring or interfering with other activity in the system outside of that zone, any privileges on that process are limited to the zone as well. However, if needed, the PRIV_PROC_ZONE privilege can be applied to processes in the global zone that need privileges to operate in non–global zones.