Go to main content

Oracle® Solaris 11.4 DTrace (Dynamic Tracing) Guide

Exit Print View

Updated: September 2020

Privileges in Oracle Solaris

The Oracle Solaris Least Privilege facility enables administrators to grant specific privileges to specific Oracle Solaris users. To give a user a privilege on login, use the usermod –K command. For example:

$ usermod -K defaultpriv='basic,proc_clock_highres' jdoe

For more information about assigning privileges directly to a user, see Expanding Users’ Rights in Securing Users and Processes in Oracle Solaris 11.4 guide. For a list of all the privileges that can be assigned to a user, see the privileges(7) man page.

To give a running process an additional privilege, use the ppriv(1) command:

# ppriv -s A+privilege process-ID

The three privileges that control a user's access to DTrace features are dtrace_proc, dtrace_user, and dtrace_kernel. Each privilege permits the use of a certain set of DTrace providers, actions, and variables, and each corresponds to a particular type of use of DTrace. The privilege modes are described in detail in the following sections. System administrators should carefully weigh each user's needs against the visibility and performance impact of the different privilege modes. Users need at least one of the three DTrace privileges in order to use any of the DTrace functionality.