Privileges restrict processes are implemented in the kernel, and can restrict processes at the command, user, role, or system level.
The following table lists the commands that are available to handle privileges.
|
The policy.conf and syslog.conf files contain information about privileges.
/etc/security/policy.conf contains the following privilege information:
PRIV_DEFAULT – Inheritable set of privileges for the system
PRIV_LIMIT – Limit set of privileges for the system
For more information, see the policy.conf(4) man page.
/etc/syslog.conf is the system log file for debug messages that are related to privilege debugging. The path for debug messages is set in the priv.debug entry.
For more information, see the syslog.conf(4) man page.
Privilege use can be audited. Any time that a process uses a privilege, the use of privilege is recorded in the audit trail in the upriv audit token. When privilege names are part of the record, their textual representation is used. The following audit events record use of privilege:
AUE_SETPPRIV audit event – Generates an audit record when a privilege set is changed. The AUE_SETPPRIV audit event is in the pm class.
AUE_MODALLOCPRIV audit event – Generates an audit record when a privilege is added from outside the kernel. The AUE_MODALLOCPRIV audit event is in the ad class.
AUE_MODDEVPLCY audit event – Generates an audit record when the device policy is changed. The AUE_MODDEVPLCY audit event is in the ad class.
AUE_PFEXEC audit event – Generates an audit record when a call is made to execve() with pfexec() enabled. The AUE_PFEXEC audit event is in the as, ex, ps, and ua audit classes. The names of the privileges are included in the audit record.
The successful use of privileges that are in the basic set is not audited. An attempt to use a basic privilege that has been removed from a user's basic set is audited.