Print this page
uts: add a concept of a 'default' set of privileges, separate from 'basic'
   1 PRIVILEGES(5)         Standards, Environments, and Macros        PRIVILEGES(5)
   2 
   3 
   4 
   5 NAME
   6        privileges - process privilege model
   7 
   8 DESCRIPTION
   9        Solaris software implements a set of privileges that provide fine-
  10        grained control over the actions of processes. The possession of a
  11        certain privilege allows a process to perform a specific set of
  12        restricted operations.
  13 
  14 
  15        The change to a primarily privilege-based security model in the Solaris
  16        operating system gives developers an opportunity to restrict processes
  17        to those privileged operations actually needed instead of all (super-
  18        user) or no privileges (non-zero UIDs). Additionally, a set of
  19        previously unrestricted operations now requires a privilege; these
  20        privileges are dubbed the "basic" privileges and are by default given
  21        to all processes.




  22 
  23 
  24        Taken together, all defined privileges with the exception of the
  25        "basic" privileges compose the set of privileges that are traditionally
  26        associated with the root user. The "basic" privileges are "privileges"
  27        unprivileged processes were accustomed to having.



  28 
  29 
  30        The defined privileges are:
  31 
  32        PRIV_CONTRACT_EVENT
  33 
  34            Allow a process to request reliable delivery of events to an event
  35            endpoint.
  36 
  37            Allow a process to include events in the critical event set term of
  38            a template which could be generated in volume by the user.
  39 
  40 
  41        PRIV_CONTRACT_IDENTITY
  42 
  43            Allows a process to set the service FMRI value of a process
  44            contract template.
  45 
  46 
  47        PRIV_CONTRACT_OBSERVER


   1 PRIVILEGES(5)         Standards, Environments, and Macros        PRIVILEGES(5)
   2 
   3 
   4 
   5 NAME
   6        privileges - process privilege model
   7 
   8 DESCRIPTION
   9        Solaris software implements a set of privileges that provide fine-
  10        grained control over the actions of processes. The possession of a
  11        certain privilege allows a process to perform a specific set of
  12        restricted operations.
  13 
  14 
  15        The change to a primarily privilege-based security model in the Solaris
  16        operating system gives developers an opportunity to restrict processes
  17        to those privileged operations actually needed instead of all (super-
  18        user) or no privileges (non-zero UIDs). Additionally, a set of
  19        previously unrestricted operations now requires a privilege; these
  20        privileges are dubbed the "basic" privileges.
  21 
  22 
  23        The "basic" privileges, and certain privileges representing concepts
  24        not traditionally present are, by default, given to all processes.
  25        These are the "default" set of privileges.
  26 
  27 
  28        Taken together, all defined privileges with the exception of the
  29        "default" privileges compose the set of privileges that are
  30        traditionally associated with the root user. The "basic" privileges are
  31        "privileges" unprivileged processes were accustomed to having, and the
  32        "default" privileges are the "basic" privileges plus additions that
  33        while unprivileged processes aren't accustomed to, they should now
  34        have.
  35 
  36 
  37        The defined privileges are:
  38 
  39        PRIV_CONTRACT_EVENT
  40 
  41            Allow a process to request reliable delivery of events to an event
  42            endpoint.
  43 
  44            Allow a process to include events in the critical event set term of
  45            a template which could be generated in volume by the user.
  46 
  47 
  48        PRIV_CONTRACT_IDENTITY
  49 
  50            Allows a process to set the service FMRI value of a process
  51            contract template.
  52 
  53 
  54        PRIV_CONTRACT_OBSERVER