1 PRIVILEGES(5) Standards, Environments, and Macros PRIVILEGES(5)
2
3
4
5 NAME
6 privileges - process privilege model
7
8 DESCRIPTION
9 Solaris software implements a set of privileges that provide fine-
10 grained control over the actions of processes. The possession of a
11 certain privilege allows a process to perform a specific set of
12 restricted operations.
13
14
15 The change to a primarily privilege-based security model in the Solaris
16 operating system gives developers an opportunity to restrict processes
17 to those privileged operations actually needed instead of all (super-
18 user) or no privileges (non-zero UIDs). Additionally, a set of
19 previously unrestricted operations now requires a privilege; these
20 privileges are dubbed the "basic" privileges and are by default given
21 to all processes.
22
23
24 Taken together, all defined privileges with the exception of the
25 "basic" privileges compose the set of privileges that are traditionally
26 associated with the root user. The "basic" privileges are "privileges"
27 unprivileged processes were accustomed to having.
28
29
30 The defined privileges are:
31
32 PRIV_CONTRACT_EVENT
33
34 Allow a process to request reliable delivery of events to an event
35 endpoint.
36
37 Allow a process to include events in the critical event set term of
38 a template which could be generated in volume by the user.
39
40
41 PRIV_CONTRACT_IDENTITY
42
43 Allows a process to set the service FMRI value of a process
44 contract template.
45
46
47 PRIV_CONTRACT_OBSERVER
|
1 PRIVILEGES(5) Standards, Environments, and Macros PRIVILEGES(5)
2
3
4
5 NAME
6 privileges - process privilege model
7
8 DESCRIPTION
9 Solaris software implements a set of privileges that provide fine-
10 grained control over the actions of processes. The possession of a
11 certain privilege allows a process to perform a specific set of
12 restricted operations.
13
14
15 The change to a primarily privilege-based security model in the Solaris
16 operating system gives developers an opportunity to restrict processes
17 to those privileged operations actually needed instead of all (super-
18 user) or no privileges (non-zero UIDs). Additionally, a set of
19 previously unrestricted operations now requires a privilege; these
20 privileges are dubbed the "basic" privileges.
21
22
23 The "basic" privileges, and certain privileges representing concepts
24 not traditionally present are, by default, given to all processes.
25 These are the "default" set of privileges.
26
27
28 Taken together, all defined privileges with the exception of the
29 "default" privileges compose the set of privileges that are
30 traditionally associated with the root user. The "basic" privileges are
31 "privileges" unprivileged processes were accustomed to having, and the
32 "default" privileges are the "basic" privileges plus additions that
33 while unprivileged processes aren't accustomed to, they should now
34 have.
35
36
37 The defined privileges are:
38
39 PRIV_CONTRACT_EVENT
40
41 Allow a process to request reliable delivery of events to an event
42 endpoint.
43
44 Allow a process to include events in the critical event set term of
45 a template which could be generated in volume by the user.
46
47
48 PRIV_CONTRACT_IDENTITY
49
50 Allows a process to set the service FMRI value of a process
51 contract template.
52
53
54 PRIV_CONTRACT_OBSERVER
|