11621 fmadm and fmstat document privileges incorrectly

@@ -4,17 +4,17 @@
 
 NAME
        privileges - process privilege model
 
 DESCRIPTION
-       Solaris software implements a set of privileges that provide fine-
+       In illumos, software implements a set of privileges that provide fine-
        grained control over the actions of processes. The possession of a
        certain privilege allows a process to perform a specific set of
        restricted operations.
 
 
-       The change to a primarily privilege-based security model in the Solaris
+       The change to a primarily privilege-based security model in the
        operating system gives developers an opportunity to restrict processes
        to those privileged operations actually needed instead of all (super-
        user) or no privileges (non-zero UIDs). Additionally, a set of
        previously unrestricted operations now requires a privilege; these
        privileges are dubbed the "basic" privileges and are by default given
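
Review bot: The new opening sentence of DESCRIPTION, "In illumos, software implements a set of privileges", reads as if unspecified software running on the system provides the privilege model, rather than the operating system itself. Suggest "illumos implements a set of privileges that provide fine-grained control over the actions of processes", which keeps the original sentence structure and matches the direct wording used further down the page ("The privilege implementation in illumos extends the process credential").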

@@ -399,12 +399,11 @@
 
 
        PRIV_SYS_ADMIN
 
            Allow a process to perform system administration tasks such as
-           setting node and domain name and specifying coreadm(1M) and
-           nscd(1M) settings
+           setting node and domain name and managing fmd(1M) and nscd(1M).
 
 
        PRIV_SYS_AUDIT
 
            Allow a process to start the (kernel) audit daemon. Allow a process
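
Review bot: The PRIV_SYS_ADMIN text drops coreadm(1M) from the list of examples, but the change title only concerns fmadm and fmstat, so nothing visible here explains the removal. If coreadm(1M) settings are still gated by this privilege, keep it and add fmd(1M) alongside it; if not, say so in the commit message. "managing fmd(1M)" is also vaguer than the old "specifying ... settings" wording: naming the operations that actually require the privilege (for example those issued through fmadm) would tell an administrator what they are granting when they hand out sys_admin.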

@@ -523,11 +522,11 @@
        PRIV_SYS_SUSER_COMPAT
 
            Allow a process to successfully call a third party loadable module
            that calls the kernel suser() function to check for allowed access.
            This privilege exists only for third party loadable module
-           compatibility and is not used by Solaris proper.
+           compatibility and is not used by illumos.
 
 
        PRIV_SYS_TIME
 
            Allow a process to manipulate system time using any of the

@@ -701,11 +700,11 @@
        the Limit set (see below) of a process in order for set-uid root execs
        to be successful, that is, get an effective UID of 0 and additional
        privileges.
 
 
-       The privilege implementation in Solaris extends the process credential
+       The privilege implementation in illumos extends the process credential
        with four privilege sets:
 
        I, the inheritable set
                                  The privileges inherited on exec.
 

@@ -837,17 +836,17 @@
        the security policy requires explicit permission for those additional
        privileges.
 
 
        Common examples of escalation are those mechanisms that allow
-       modification of system resources through "raw'' interfaces; for
-       example, changing kernel data structures through /dev/kmem or changing
-       files through /dev/dsk/*.  Escalation also occurs when a process
-       controls processes with more privileges than the controlling process. A
-       special case of this is manipulating or creating objects owned by UID 0
-       or trying to obtain UID 0 using setuid(2). The special treatment of UID
-       0 is needed because the UID 0 owns all system configuration files and
+       modification of system resources through "raw" interfaces; for example,
+       changing kernel data structures through /dev/kmem or changing files
+       through /dev/dsk/*.  Escalation also occurs when a process controls
+       processes with more privileges than the controlling process. A special
+       case of this is manipulating or creating objects owned by UID 0 or
+       trying to obtain UID 0 using setuid(2). The special treatment of UID 0
+       is needed because the UID 0 owns all system configuration files and
        ordinary file protection mechanisms allow processes with UID 0 to
        modify the system configuration. With appropriate file modifications, a
        given process running with an effective UID of 0 can gain all
        privileges.
 

@@ -854,11 +853,11 @@
 
        In situations where a process might obtain UID 0, the security policy
        requires additional privileges, up to the full set of privileges. Such
        restrictions could be relaxed or removed at such time as additional
        mechanisms for protection of system files became available. There are
-       no such mechanisms in the current Solaris release.
+       no such mechanisms in the current release.
 
 
        The use of UID 0 processes should be limited as much as possible. They
        should be replaced with programs running under a different UID but with
        exactly the privileges they need.
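
Review bot: "no such mechanisms in the current release" leaves the reader to guess which release is meant, and the statement will silently go stale because the page does not say what it was checked against. The other hunks replace "Solaris" with "illumos" rather than just deleting it; for consistency, suggest "There are no such mechanisms in illumos." so the claim is tied to the system and not to an unnamed point in time.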

@@ -922,6 +921,6 @@
 
        System Administration Guide: Security Services
 
 
 
-                               February 28, 2018                 PRIVILEGES(5)
+                                August 26, 2019                  PRIVILEGES(5)