Standards, Environments, and Macros privileges(5)
NAME
privileges - process privilege model
DESCRIPTION
Solaris software implements a set of privileges that provide
fine-grained control over the actions of processes. The pos-
session of a certain privilege allows a process to perform a specific set of restricted operations.The change to a primarily privilege-based security model in
the Solaris operating system gives developers an opportunityto restrict processes to those privileged operations actu-
ally needed instead of all (super-user) or no privileges
(non-zero UIDs). Additionally, a set of previously unres-
tricted operations now requires a privilege; theseprivileges are dubbed the "basic" privileges and are by
default given to all processes.Taken together, all defined privileges with the exception of
the "basic" privileges compose the set of privileges that
are traditionally associated with the root user. The "basic"privileges are "privileges" unprivileged processes were
accustomed to having.The defined privileges are:
PRIV_CONTRACT_EVENT
Allow a process to request reliable delivery of events to an event endpoint. Allow a process to include events in the critical event set term of a template which could be generated in volume by the user.PRIV_CONTRACT_IDENTITY
Allows a process to set the service FMRI value of a pro-
cess contract template.PRIV_CONTRACT_OBSERVER
Allow a process to observe contract events generated by contracts created and owned by users other than the process's effective user ID. Allow a process to open contract event endpointsSunOS 5.11 Last change: 26 May 2010 1
Standards, Environments, and Macros privileges(5)
belonging to contracts created and owned by users other than the process's effective user ID.PRIV_CPC_CPU
Allow a process to access per-CPU hardware performance
counters.PRIV_DTRACE_KERNEL
Allow DTrace kernel-level tracing.
PRIV_DTRACE_PROC
Allow DTrace process-level tracing. Allow process-level
tracing probes to be placed and enabled in processes to which the user has permissions.PRIV_DTRACE_USER
Allow DTrace user-level tracing. Allow use of the sys-
call and profile DTrace providers to examine processes to which the user has permissions.PRIV_FILE_CHOWN
Allow a process to change a file's owner user ID. Allow a process to change a file's group ID to one other than the process's effective group ID or one of the process's supplemental group IDs.PRIV_FILE_CHOWN_SELF
Allow a process to give away its files. A process withthis privilege runs as if {_POSIX_CHOWN_RESTRICTED} is
not in effect.PRIV_FILE_DAC_EXECUTE
Allow a process to execute an executable file whose per-
mission bits or ACL would otherwise disallow the process execute permission.SunOS 5.11 Last change: 26 May 2010 2
Standards, Environments, and Macros privileges(5)
PRIV_FILE_DAC_READ
Allow a process to read a file or directory whose per-
mission bits or ACL would otherwise disallow the process read permission.PRIV_FILE_DAC_SEARCH
Allow a process to search a directory whose permission bits or ACL would not otherwise allow the process search permission.PRIV_FILE_DAC_WRITE
Allow a process to write a file or directory whose per-
mission bits or ACL do not allow the process write per-
mission. All privileges are required to write files
owned by UID 0 in the absence of an effective UID of 0.PRIV_FILE_DOWNGRADE_SL
Allow a process to set the sensitivity label of a fileor directory to a sensitivity label that does not dom-
inate the existing sensitivity label.This privilege is interpreted only if the system is con-
figured with Trusted Extensions.PRIV_FILE_FLAG_SET
Allows a process to set immutable, nounlink or appen-
donly file attributes.PRIV_FILE_LINK_ANY
Allow a process to create hardlinks to files owned by a UID different from the process's effective UID.PRIV_FILE_OWNER
Allow a process that is not the owner of a file to modify that file's access and modification times. Allow a process that is not the owner of a directory to modify that directory's access and modification times. Allow a process that is not the owner of a file or directory to remove or rename a file or directory whose parentSunOS 5.11 Last change: 26 May 2010 3
Standards, Environments, and Macros privileges(5)
directory has the "save text image after execution" (sticky) bit set. Allow a process that is not the ownerof a file to mount a namefs upon that file. Allow a pro-
cess that is not the owner of a file or directory to modify that file's or directory's permission bits or ACL.PRIV_FILE_READ
Allow a process to read a file or directory whose per-
mission or ACL allow the process read permission.PRIV_FILE_SETID
Allow a process to change the ownership of a file orwrite to a file without the set-user-ID and set-group-ID
bits being cleared. Allow a process to set the set-
group-ID bit on a file or directory whose group is not
the process's effective group or one of the process'ssupplemental groups. Allow a process to set the set-
user-ID bit on a file with different ownership in the
presence of PRIV_FILE_OWNER. Additional restrictions
apply when creating or modifying a setuid 0 file.PRIV_FILE_UPGRADE_SL
Allow a process to set the sensitivity label of a file or directory to a sensitivity label that dominates the existing sensitivity label.This privilege is interpreted only if the system is con-
figured with Trusted Extensions.PRIV_FILE_WRITE
Allow a process to write a file or directory whose per-
mission or ACL allow the process write permission. +PRIV_GRAPHICS_ACCESS
Allow a process to make privileged ioctls to graphics devices. Typically only an xserver process needs to have this privilege. A process with this privilege is also allowed to perform privileged graphics device mappings.SunOS 5.11 Last change: 26 May 2010 4
Standards, Environments, and Macros privileges(5)
PRIV_GRAPHICS_MAP
Allow a process to perform privileged mappings through a graphics device.PRIV_IPC_DAC_READ
Allow a process to read a System V IPC Message Queue, Semaphore Set, or Shared Memory Segment whose permissionbits would not otherwise allow the process read permis-
sion.PRIV_IPC_DAC_WRITE
Allow a process to write a System V IPC Message Queue, Semaphore Set, or Shared Memory Segment whose permissionbits would not otherwise allow the process write permis-
sion.PRIV_IPC_OWNER
Allow a process that is not the owner of a System V IPC Message Queue, Semaphore Set, or Shared Memory Segment to remove, change ownership of, or change permission bits of the Message Queue, Semaphore Set, or Shared Memory Segment.PRIV_NET_ACCESS
Allow a process to open a TCP, UDP, SDP or SCTP network endpoint.PRIV_NET_BINDMLP
Allow a process to bind to a port that is configured asa multi-level port (MLP) for the process's zone. This
privilege applies to both shared address and zone-
specific address MLPs. See tnzonecfg(4) from the Trusted Extensions manual pages for information on configuring MLP ports.This privilege is interpreted only if the system is con-
figured with Trusted Extensions.PRIV_NET_ICMPACCESS
SunOS 5.11 Last change: 26 May 2010 5
Standards, Environments, and Macros privileges(5)
Allow a process to send and receive ICMP packets.PRIV_NET_MAC_AWARE
Allow a process to set the NET_MAC_AWARE process flag by
using setpflags(2). This privilege also allows a processto set the SO_MAC_EXEMPT socket option by using
setsockopt(3SOCKET). The NET_MAC_AWARE process flag and
the SO_MAC_EXEMPT socket option both allow a local pro-
cess to communicate with an unlabeled peer if the local process's label dominates the peer's default label, or if the local process runs in the global zone.This privilege is interpreted only if the system is con-
figured with Trusted Extensions.PRIV_NET_OBSERVABILITY
Allow a process to open a device for just receiving net-
work traffic, sending traffic is disallowed.PRIV_NET_PRIVADDR
Allow a process to bind to a privileged port number. Theprivilege port numbers are 1-1023 (the traditional UNIX
privileged ports) as well as those ports marked as"udp/tcp_extra_priv_ports" with the exception of the
ports reserved for use by NFS and SMB.PRIV_NET_RAWACCESS
Allow a process to have direct access to the network layer.PRIV_PROC_AUDIT
Allow a process to generate audit records. Allow a pro-
cess to get its own audit pre-selection information.
PRIV_PROC_CHROOT
Allow a process to change its root directory.PRIV_PROC_CLOCK_HIGHRES
SunOS 5.11 Last change: 26 May 2010 6
Standards, Environments, and Macros privileges(5)
Allow a process to use high resolution timers.PRIV_PROC_EXEC
Allow a process to call exec(2).PRIV_PROC_FORK
Allow a process to call fork(2), fork1(2), or vfork(2).PRIV_PROC_INFO
Allow a process to examine the status of processes other than those to which it can send signals. Processes that cannot be examined cannot be seen in /proc and appear not to exist.PRIV_PROC_LOCK_MEMORY
Allow a process to lock pages in physical memory.PRIV_PROC_OWNER
Allow a process to send signals to other processes and inspect and modify the process state in other processes, regardless of ownership. When modifying another process, additional restrictions apply: the effective privilege set of the attaching process must be a superset of the target process's effective, permitted, and inheritable sets; the limit set must be a superset of the target's limit set; if the target process has any UID set to 0 all privilege must be asserted unless the effective UID is 0. Allow a process to bind arbitrary processes to CPUs.PRIV_PROC_PRIOCNTL
Allow a process to elevate its priority above its current level. Allow a process to change its scheduling class to any scheduling class, including the RT class.PRIV_PROC_SESSION
Allow a process to send signals or trace processes out-
side its session.SunOS 5.11 Last change: 26 May 2010 7
Standards, Environments, and Macros privileges(5)
PRIV_PROC_SETID
Allow a process to set its UIDs at will, assuming UID 0requires all privileges to be asserted.
PRIV_PROC_TASKID
Allow a process to assign a new task ID to the calling process.PRIV_PROC_ZONE
Allow a process to trace or send signals to processes in other zones. See zones(5).PRIV_SYS_ACCT
Allow a process to enable and disable and manage accounting through acct(2).PRIV_SYS_ADMIN
Allow a process to perform system administration tasks such as setting node and domain name and specifying coreadm(1M) and nscd(1M) settingsPRIV_SYS_AUDIT
Allow a process to start the (kernel) audit daemon. Allow a process to view and set audit state (audit userID, audit terminal ID, audit sessions ID, audit pre-
selection mask). Allow a process to turn off and onauditing. Allow a process to configure the audit parame-
ters (cache and queue sizes, event to class mappings, and policy options).PRIV_SYS_CONFIG
Allow a process to perform various system configurationtasks. Allow filesystem-specific administrative pro-
cedures, such as filesystem configuration ioctls, quotacalls, creation and deletion of snapshots, and manipu-
lating the PCFS bootsector.SunOS 5.11 Last change: 26 May 2010 8
Standards, Environments, and Macros privileges(5)
PRIV_SYS_DEVICES
Allow a process to create device special files. Allow a process to successfully call a kernel module that callsthe kernel drv_priv(9F) function to check for allowed
access. Allow a process to open the real console device directly. Allow a process to open devices that have been exclusively opened.PRIV_SYS_DL_CONFIG
Allow a process to configure a system's datalink inter-
faces.PRIV_SYS_IP_CONFIG
Allow a process to configure a system's IP interfacesand routes. Allow a process to configure TCP/IP parame-
ters. Allow a process to pop anchored STREAMs modules with matching zoneid.PRIV_SYS_IPC_CONFIG
Allow a process to increase the size of a System V IPC Message Queue buffer.PRIV_SYS_LINKDIR
Allow a process to unlink and link directories.PRIV_SYS_MOUNT
Allow a process to mount and unmount filesystems that would otherwise be restricted (that is, most filesystems except namefs). Allow a process to add and remove swap devices.PRIV_SYS_NET_CONFIG
Allow a process to do all that PRIV_SYS_IP_CONFIG,
PRIV_SYS_DL_CONFIG, and PRIV_SYS_PPP_CONFIG allow, plus
the following: use the rpcmod STREAMS module and insert/remove STREAMS modules on locations other than the top of the module stack.SunOS 5.11 Last change: 26 May 2010 9
Standards, Environments, and Macros privileges(5)
PRIV_SYS_NFS
Allow a process to provide NFS service: start NFS kernel threads, perform NFS locking operations, bind to NFS reserved ports: ports 2049 (nfs) and port 4045 (lockd).PRIV_SYS_PPP_CONFIG
Allow a process to create, configure, and destroy PPP instances with pppd(1M) pppd(1M) and control PPPoE plumbing with sppptun(1M)sppptun(1M). This privilege is granted by default to exclusive IP stack instance zones.PRIV_SYS_RES_BIND
Allow a process to bind processes to processor sets.PRIV_SYS_RES_CONFIG
Allow a process to bind processes to processor sets, asPRIV_SYS_RES_BIND, in addition to the following outlined
in this paragraph. Allow a process to create and deleteprocessor sets, assign CPUs to processor sets and over-
ride the PSET_NOESCAPE property. Allow a process to
change the operational status of CPUs in the systemusing p_online(2). Allow a process to configure filesys-
tem quotas. Allow a process to configure resource pools and bind processes to pools.PRIV_SYS_RESOURCE
Allow a process to exceed the resource limits imposed on it by setrlimit(2) and setrctl(2).PRIV_SYS_SMB
Allow a process to provide NetBIOS or SMB services: start SMB kernel threads or bind to NetBIOS or SMB reserved ports: ports 137, 138, 139 (NetBIOS) and 445 (SMB).PRIV_SYS_SUSER_COMPAT
Allow a process to successfully call a third party load-
able module that calls the kernel suser() function to check for allowed access. This privilege exists only forSunOS 5.11 Last change: 26 May 2010 10
Standards, Environments, and Macros privileges(5)
third party loadable module compatibility and is not used by Solaris proper.PRIV_SYS_TIME
Allow a process to manipulate system time using any of the appropriate system calls: stime(2), adjtime(2), andntp_adjtime(2).
PRIV_SYS_TRANS_LABEL
Allow a process to translate labels that are not dom-
inated by the process's sensitivity label to and from an external string form.This privilege is interpreted only if the system is con-
figured with Trusted Extensions.PRIV_VIRT_MANAGE
Allows a process to manage virtualized environments such as xVM(5).PRIV_WIN_COLORMAP
Allow a process to override colormap restrictions. Allow a process to install or remove colormaps.Allow a process to retrieve colormap cell entries allo-
cated by other processes.This privilege is interpreted only if the system is con-
figured with Trusted Extensions.PRIV_WIN_CONFIG
Allow a process to configure or destroy resources that are permanently retained by the X server. Allow a process to use SetScreenSaver to set the screen saver timeout value Allow a process to use ChangeHosts to modify the display access control list. Allow a process to use GrabServer.SunOS 5.11 Last change: 26 May 2010 11
Standards, Environments, and Macros privileges(5)
Allow a process to use the SetCloseDownMode request that can retain window, pixmap, colormap, property, cursor, font, or graphic context resources.This privilege is interpreted only if the system is con-
figured with Trusted Extensions.PRIV_WIN_DAC_READ
Allow a process to read from a window resource that it does not own (has a different user ID).This privilege is interpreted only if the system is con-
figured with Trusted Extensions.PRIV_WIN_DAC_WRITE
Allow a process to write to or create a window resource that it does not own (has a different user ID). A newly created window property is created with the window's user ID.This privilege is interpreted only if the system is con-
figured with Trusted Extensions.PRIV_WIN_DEVICES
Allow a process to perform operations on window input devices.Allow a process to get and set keyboard and pointer con-
trols.Allow a process to modify pointer button and key map-
pings.This privilege is interpreted only if the system is con-
figured with Trusted Extensions.PRIV_WIN_DGA
Allow a process to use the direct graphics access (DGA) X protocol extensions. Direct process access to the frame buffer is still required. Thus the process musthave MAC and DAC privileges that allow access to the
frame buffer, or the frame buffer must be allocated to the process.SunOS 5.11 Last change: 26 May 2010 12
Standards, Environments, and Macros privileges(5)
This privilege is interpreted only if the system is con-
figured with Trusted Extensions.PRIV_WIN_DOWNGRADE_SL
Allow a process to set the sensitivity label of a window resource to a sensitivity label that does not dominate the existing sensitivity label.This privilege is interpreted only if the system is con-
figured with Trusted Extensions.PRIV_WIN_FONTPATH
Allow a process to set a font path.This privilege is interpreted only if the system is con-
figured with Trusted Extensions.PRIV_WIN_MAC_READ
Allow a process to read from a window resource whosesensitivity label is not equal to the process sensi-
tivity label.This privilege is interpreted only if the system is con-
figured with Trusted Extensions.PRIV_WIN_MAC_WRITE
Allow a process to create a window resource whose sensi-
tivity label is not equal to the process sensitivity label. A newly created window property is created with the window's sensitivity label.This privilege is interpreted only if the system is con-
figured with Trusted Extensions.PRIV_WIN_SELECTION
Allow a process to request inter-window data moves
without the intervention of the selection confirmer.This privilege is interpreted only if the system is con-
figured with Trusted Extensions.SunOS 5.11 Last change: 26 May 2010 13
Standards, Environments, and Macros privileges(5)
PRIV_WIN_UPGRADE_SL
Allow a process to set the sensitivity label of a window resource to a sensitivity label that dominates the existing sensitivity label.This privilege is interpreted only if the system is con-
figured with Trusted Extensions.PRIV_XVM_CONTROL
Allows a process access to the xVM(5) control devices for managing guest domains and the hypervisor. Thisprivilege is used only if booted into xVM on x86 plat-
forms.Of the privileges listed above, the privileges
PRIV_FILE_LINK_ANY, PRIV_FILE_READ, PRIV_FILE_WRITE,
PRIV_PROC_INFO, PRIV_PROC_SESSION, PRIV_NET_ACCESS,
PRIV_PROC_FORK, and PRIV_PROC_EXEC are considered "basic"
privileges. These are privileges that used to be always
available to unprivileged processes. By default, processesstill have the basic privileges.
The privileges PRIV_PROC_SETID and PRIV_PROC_AUDIT must be
present in the Limit set (see below) of a process in order for setuid root execs to be successful; that is, get aneffective UID of 0 and additional privileges.
The privilege implementation in Solaris extends the process credential with four privilege sets:I, the inheritable set The privileges inherited on exec.
P, the permitted set The maximum set of privileges for
the process.E, the effective set The privileges currently in
effect.L, the limit set The upper bound of the privileges
a process and its offspring can obtain. Changes to L take effect on the next exec.SunOS 5.11 Last change: 26 May 2010 14
Standards, Environments, and Macros privileges(5)
The sets I, P and E are typically identical to the basic setof privileges for unprivileged processes. The limit set is
typically the full set of privileges.
Each process has a Privilege Awareness State (PAS) that cantake the value PA (privilege-aware) and NPA (not-PA). PAS is
a transitional mechanism that allows a choice between full compatibility with the old superuser model and completely ignoring the effective UID. To facilitate the discussion, we introduce the notion of "observed effective set" (oE) and "observed permitted set" (oP) and the implementation sets iE and iP.A process becomes privilege-aware either by manipulating the
effective, permitted, or limit privilege sets through setppriv(2) or by using setpflags(2). In all cases, oE andoP are invariant in the process of becoming privilege-aware.
In the process of becoming privilege-aware, the following
assignments take place: iE = oE iP = oPWhen a process is privilege-aware, oE and oP are invariant
under UID changes. When a process is not privilege-aware, oE
and oP are observed as follows: oE = euid == 0 ? L : iE oP = (euid == 0 || ruid == 0 || suid == 0) ? L : iPWhen a non-privilege-aware process has an effective UID of
0, it can exercise the privileges contained in its limit
set, the upper bound of its privileges. If a non-privilege-
aware process has any of the UIDs 0, it appears to be capa-
ble of potentially exercising all privileges in L.
It is possible for a process to return to the non-privilege
aware state using setpflags(). The kernel always attempts this on exec(2). This operation is permitted only if the following conditions are met: o If any of the UIDs is equal to 0, P must be equal to L.SunOS 5.11 Last change: 26 May 2010 15
Standards, Environments, and Macros privileges(5)
o If the effective UID is equal to 0, E must be equal to L. When a process gives up privilege awareness, the following assignments take place: if (euid == 0) iE = L & I if (any uid == 0) iP = L & IThe privileges obtained when not having a UID of 0 are the
inheritable set of the process restricted by the limit set.Only privileges in the process's (observed) effective
privilege set allow the process to perform restricted opera-
tions. A process can use any of the privilege manipulationfunctions to add or remove privileges from the privilege
sets. Privileges can be removed always. Only privileges
found in the permitted set can be added to the effective and inheritable set. The limit set cannot grow. The inheritable set can be larger than the permitted set. When a process performs an exec(2), the kernel first triesto relinquish privilege awareness before making the follow-
ing privilege set modifications: E' = P' = I' = L & I L is unchangedIf a process has not manipulated its privileges, the
privilege sets effectively remain the same, as E, P and I are already identical. The limit set is enforced at exec time.To run a non-privilege-aware application in a backward-
compatible manner, a privilege-aware application should
start the non-privilege-aware application with I=basic.
For most privileges, absence of the privilege simply results
in a failure. In some instances, the absense of a privilege can cause system calls to behave differently. In otherinstances, the removal of a privilege can force a set-uid
SunOS 5.11 Last change: 26 May 2010 16
Standards, Environments, and Macros privileges(5)
application to seriously malfunction. Privileges of this type are considered "unsafe". When a process is lacking anyof the unsafe privileges from its limit set, the system does
not honor the set-uid bit of set-uid root applications. The
following unsafe privileges have been identified:
proc_setid, sys_resource and proc_audit.
Privilege Escalation In certain circumstances, a single privilege could lead to aprocess gaining one or more additional privileges that were
not explicitly granted to that process. To prevent such anescalation of privileges, the security policy requires
explicit permission for those additional privileges.
Common examples of escalation are those mechanisms thatallow modification of system resources through "raw'' inter-
faces; for example, changing kernel data structures through /dev/kmem or changing files through /dev/dsk/*. Escalation also occurs when a process controls processes with moreprivileges than the controlling process. A special case of
this is manipulating or creating objects owned by UID 0 ortrying to obtain UID 0 using setuid(2). The special treat-
ment of UID 0 is needed because the UID 0 owns all system configuration files and ordinary file protection mechanismsallow processes with UID 0 to modify the system configura-
tion. With appropriate file modifications, a given processrunning with an effective UID of 0 can gain all privileges.
In situations where a process might obtain UID 0, the secu-
rity policy requires additional privileges, up to the full
set of privileges. Such restrictions could be relaxed or
removed at such time as additional mechanisms for protectionof system files became available. There are no such mechan-
isms in the current Solaris release.The use of UID 0 processes should be limited as much as pos-
sible. They should be replaced with programs running under adifferent UID but with exactly the privileges they need.
Daemons that never need to exec subprocesses should removethe PRIV_PROC_EXEC privilege from their permitted and limit
sets. Assigned Privileges and SafeguardsWhen privileges are assigned to a user, the system adminis-
trator could give that user more powers than intended. The administrator should consider whether safeguards are needed.For example, if the PRIV_PROC_LOCK_MEMORY privilege is given
SunOS 5.11 Last change: 26 May 2010 17
Standards, Environments, and Macros privileges(5)
to a user, the administrator should consider setting theproject.max-locked-memory resource control as well, to
prevent that user from locking all memory. Privilege Debugging When a system call fails with a permission error, it is not always immediately obvious what caused the problem. To debugsuch a problem, you can use a tool called privilege debug-
ging. When privilege debugging is enabled for a process, thekernel reports missing privileges on the controlling termi-
nal of the process. (Enable debugging for a process with the-D option of ppriv(1).) Additionally, the administrator can
enable system-wide privilege debugging by setting the sys-
tem(4) variable priv_debug using:
set priv_debug = 1
On a running system, you can use mdb(1) to change this vari-
able. Privilege AdministrationThe Solaris Management Console (see smc(1M)) is the pre-
ferred method of modifying privileges for a command. Use
usermod(1M) or smrole(1M) to assign privileges to or modify
privileges for, respectively, a user or a role. Use ppriv(1)
to enumerate the privileges supported on a system and
truss(1) to determine which privileges a program requires.
SEE ALSO
mdb(1), ppriv(1), add_drv(1M), ifconfig(1M), lockd(1M),
nfsd(1M), pppd(1M), rem_drv(1M), smbd(1M), sppptun(1M),
update_drv(1M), Intro(2), access(2), acct(2), acl(2), adj-
time(2), audit(2), auditon(2), chmod(2), chown(2),chroot(2), creat(2), exec(2), fcntl(2), fork(2), fpath-
conf(2), getacct(2), getpflags(2), getppriv(2), getsid(2), kill(2), link(2), memcntl(2), mknod(2), mount(2), msgctl(2),nice(2), ntp_adjtime(2), open(2), p_online(2), priocntl(2),
priocntlset(2), processor_bind(2), pset_bind(2),
pset_create(2), readlink(2), resolvepath(2), rmdir(2),
semctl(2), setauid(2), setegid(2), seteuid(2), setgid(2),setgroups(2), setpflags(2), setppriv(2), setrctl(2), setre-
gid(2), setreuid(2), setrlimit(2), settaskid(2), setuid(2), shmctl(2), shmget(2), shmop(2), sigsend(2), stat(2), statvfs(2), stime(2), swapctl(2), sysinfo(2), uadmin(2), ulimit(2), umount(2), unlink(2), utime(2), utimes(2),bind(3SOCKET), door_ucred(3C), priv_addset(3C),
priv_set(3C), priv_getbyname(3C), priv_getbynum(3C),
priv_set_to_str(3C), priv_str_to_set(3C), socket(3SOCKET),
t_bind(3NSL), timer_create(3C), ucred_get(3C), exec_attr(4),
proc(4), system(4), user_attr(4), xVM(5), ddi_cred(9F),
SunOS 5.11 Last change: 26 May 2010 18
Standards, Environments, and Macros privileges(5)
drv_priv(9F), priv_getbyname(9F), priv_policy(9F),
priv_policy_choice(9F), priv_policy_only(9F)
System Administration Guide: Security Services NOTESRemoval of any of the basic privileges from a process leaves
it in a non-standards compliant state, may cause unexpected
application failures, and should only be performed with full knowledge of the potential side effects.SunOS 5.11 Last change: 26 May 2010 19