Privileges are logically grouped on the basis of the scope of the privilege, as follows:
Basic privileges – The basic privileges are privileges granted to processes that were not privileged in previous Oracle Solaris releases. By default, each process and each user is assigned all basic privileges; however they can be taken away to further restrict a process.
PRIV_FILE_LINK_ANY – Allows a process to create hard links to files that are owned by a UID other than the process's effective UID.
PRIV_PROC_FORK – Allows a process to call fork(), fork1(), or vfork().
PRIV_PROC_SESSION – Allows a process to send signals or trace processes outside its session.
PRIV_PROC_INFO – Allows a process to examine the status of processes outside of those processes to which the inquiring process can send signals. Without this privilege, processes that cannot be seen in /proc cannot be examined.
PRIV_FILE_READ – Allows a process to read objects in the filesystem.
PRIV_FILE_WRITE – Allows a process to modify objects in the filesystem.
PRIV_NET_ACCESS – Allows a process to open a TCP, UDP, SDP, or SCTP network endpoint.
Initially, the basic privileges should be assigned as a set rather than individually for a program. This approach ensures that any basic privileges that are released in an update to the Oracle Solaris OS will be included in the assignment. However, when computing the needed privilege set for a program, it is important to remove basic privileges that are not needed and add other privileges that will be needed by the program. For example, the proc_exec privilege should be turned off if the program is not intended to exec(1) sub-processes.
File system privileges.
See the privileges(5) man page for a complete list of the Oracle Solaris privileges with descriptions.