1 '\" te
2 .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved.
3 .\" Copyright 2015, Joyent, Inc. All Rights Reserved.
4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
5 .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with
6 .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
7 .TH PRIVILEGES 5 "April 9, 2016"
8 .SH NAME
9 privileges \- process privilege model
10 .SH DESCRIPTION
11 .LP
12 Solaris software implements a set of privileges that provide fine-grained
13 control over the actions of processes. The possession of a certain privilege
14 allows a process to perform a specific set of restricted operations.
15 .sp
16 .LP
17 The change to a primarily privilege-based security model in the Solaris
18 operating system gives developers an opportunity to restrict processes to those
19 privileged operations actually needed instead of all (super-user) or no
20 privileges (non-zero UIDs). Additionally, a set of previously unrestricted
21 operations now requires a privilege; these privileges are dubbed the "basic"
22 privileges and are by default given to all processes.
23 .sp
24 .LP
25 Taken together, all defined privileges with the exception of the "basic"
26 privileges compose the set of privileges that are traditionally associated with
27 the root user. The "basic" privileges are "privileges" unprivileged processes
555 .sp .6
556 .RS 4n
557 Allow a process to elevate its priority above its current level.
558 .RE
559
560 .sp
561 .ne 2
562 .na
563 \fB\fBPRIV_PROC_PRIOCNTL\fR\fR
564 .ad
565 .sp .6
566 .RS 4n
567 Allows all that PRIV_PROC_PRIOUP allows.
568 Allow a process to change its scheduling class to any scheduling class,
569 including the RT class.
570 .RE
571
572 .sp
573 .ne 2
574 .na
575 \fB\fBPRIV_PROC_SESSION\fR\fR
576 .ad
577 .sp .6
578 .RS 4n
579 Allow a process to send signals or trace processes outside its session.
580 .RE
581
582 .sp
583 .ne 2
584 .na
585 \fB\fBPRIV_PROC_SETID\fR\fR
586 .ad
587 .sp .6
588 .RS 4n
589 Allow a process to set its UIDs at will, assuming UID 0 requires all privileges
590 to be asserted.
591 .RE
592
593 .sp
594 .ne 2
|
1 '\" te
2 .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved.
3 .\" Copyright 2015, Joyent, Inc. All Rights Reserved.
4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
5 .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with
6 .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
7 .TH PRIVILEGES 5 "Jun 6, 2016"
8 .SH NAME
9 privileges \- process privilege model
10 .SH DESCRIPTION
11 .LP
12 Solaris software implements a set of privileges that provide fine-grained
13 control over the actions of processes. The possession of a certain privilege
14 allows a process to perform a specific set of restricted operations.
15 .sp
16 .LP
17 The change to a primarily privilege-based security model in the Solaris
18 operating system gives developers an opportunity to restrict processes to those
19 privileged operations actually needed instead of all (super-user) or no
20 privileges (non-zero UIDs). Additionally, a set of previously unrestricted
21 operations now requires a privilege; these privileges are dubbed the "basic"
22 privileges and are by default given to all processes.
23 .sp
24 .LP
25 Taken together, all defined privileges with the exception of the "basic"
26 privileges compose the set of privileges that are traditionally associated with
27 the root user. The "basic" privileges are "privileges" unprivileged processes
555 .sp .6
556 .RS 4n
557 Allow a process to elevate its priority above its current level.
558 .RE
559
560 .sp
561 .ne 2
562 .na
563 \fB\fBPRIV_PROC_PRIOCNTL\fR\fR
564 .ad
565 .sp .6
566 .RS 4n
567 Allows all that PRIV_PROC_PRIOUP allows.
568 Allow a process to change its scheduling class to any scheduling class,
569 including the RT class.
570 .RE
571
572 .sp
573 .ne 2
574 .na
575 \fB\PRIV_PROC_SECFLAGS\fR
576 .ad
577 .sp .6
578 .RS 4n
579 Allow a process to manipulate the secflags of processes (subject to,
580 additionally, the ability to signal that process).
581 .RE
582
583 .sp
584 .ne 2
585 .na
586 \fB\fBPRIV_PROC_SESSION\fR\fR
587 .ad
588 .sp .6
589 .RS 4n
590 Allow a process to send signals or trace processes outside its session.
591 .RE
592
593 .sp
594 .ne 2
595 .na
596 \fB\fBPRIV_PROC_SETID\fR\fR
597 .ad
598 .sp .6
599 .RS 4n
600 Allow a process to set its UIDs at will, assuming UID 0 requires all privileges
601 to be asserted.
602 .RE
603
604 .sp
605 .ne 2
|