| Current File : //etc/security/priv_names |
#
# Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
#
# Privilege name explanation file
# The format of entries is a privilege name starting at the
# beginning of a line directly folowed by a new line followed
# by several lines of texts starting with white space terminated
# by a line with a single newline or not starting with white space
#
contract_event
Allows a process to request critical events without limitation.
Allows a process to request reliable delivery of all events on
any event queue.
contract_identity
Allows a process to set the service FMRI value of a process
contract template.
contract_observer
Allows a process to observe contract events generated by
contracts created and owned by users other than the process's
effective user ID.
Allows a process to open contract event endpoints belonging to
contracts created and owned by users other than the process's
effective user ID.
cpc_cpu
Allow a process to access per-CPU hardware performance counters.
dax_access
Allows a process to perform all operations supported by the DAX
hardware.
dtrace_kernel
Allows DTrace kernel-level tracing.
dtrace_proc
Allows DTrace process-level tracing.
Allows process-level tracing probes to be placed and enabled in
processes to which the user has permissions.
dtrace_user
Allows DTrace user-level tracing.
Allows use of the syscall and profile DTrace providers to
examine processes to which the user has permissions.
file_chown
Allows a process to change a file's owner user ID.
Allows a process to change a file's group ID to one other than
the process' effective group ID or one of the process'
supplemental group IDs.
file_chown_self
Allows a process to give away its files; a process with this
privilege will run as if {_POSIX_CHOWN_RESTRICTED} is not
in effect.
file_dac_execute
Allows a process to execute an executable file whose permission
bits or ACL do not allow the process execute permission.
file_dac_read
Allows a process to read a file or directory whose permission
bits or ACL do not allow the process read permission.
file_dac_search
Allows a process to search a directory whose permission bits or
ACL do not allow the process search permission.
file_dac_write
Allows a process to write a file or directory whose permission
bits or ACL do not allow the process write permission.
In order to write files owned by uid 0 in the absence of an
effective uid of 0 ALL privileges are required.
file_downgrade_sl
Allows a process to set the sensitivity label of a file or
directory to a sensitivity label that does not dominate the
existing sensitivity label.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
file_flag_set
Allows a process to set immutable, nounlink or appendonly
file attributes.
file_link_any
Allows a process to create hardlinks to files owned by a uid
different from the process' effective uid.
file_owner
Allows a process which is not the owner of a file or directory
to perform the following operations that are normally permitted
only for the file owner: modify that file's access and
modification times; remove or rename a file or directory whose
parent directory has the ``save text image after execution''
(sticky) bit set; mount a ``namefs'' upon a file; modify
permission bits or ACL except for the set-uid and set-gid
bits.
file_read
Allows a process to read objects in the filesystem.
file_setid
Allows a process to change the ownership of a file or write to
a file without the set-user-ID and set-group-ID bits being
cleared.
Allows a process to set the set-group-ID bit on a file or
directory whose group is not the process' effective group or
one of the process' supplemental groups.
Allows a process to set the set-user-ID bit on a file with
different ownership in the presence of PRIV_FILE_OWNER.
Additional restrictions apply when creating or modifying a
set-uid 0 file.
file_upgrade_sl
Allows a process to set the sensitivity label of a file or
directory to a sensitivity label that dominates the existing
sensitivity label.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
file_write
Allows a process to modify objects in the filesystem.
graphics_access
Allows a process to make privileged ioctls to graphics devices.
Typically only xserver process needs to have this privilege.
A process with this privilege is also allowed to perform
privileged graphics device mappings.
graphics_map
Allows a process to perform privileged mappings through a
graphics device.
ipc_dac_read
Allows a process to read a System V IPC
Message Queue, Semaphore Set, or Shared Memory Segment whose
permission bits do not allow the process read permission.
Allows a process to read remote shared memory whose
permission bits do not allow the process read permission.
ipc_dac_write
Allows a process to write a System V IPC
Message Queue, Semaphore Set, or Shared Memory Segment whose
permission bits do not allow the process write permission.
Allows a process to read remote shared memory whose
permission bits do not allow the process write permission.
Additional restrictions apply if the owner of the object has uid 0
and the effective uid of the current process is not 0.
ipc_owner
Allows a process which is not the owner of a System
V IPC Message Queue, Semaphore Set, or Shared Memory Segment to
remove, change ownership of, or change permission bits of the
Message Queue, Semaphore Set, or Shared Memory Segment.
Additional restrictions apply if the owner of the object has uid 0
and the effective uid of the current process is not 0.
net_access
Allows a process to open a TCP, UDP, SDP or SCTP network endpoint.
net_bindmlp
Allow a process to bind to a port that is configured as a
multi-level port(MLP) for the process's zone. This privilege
applies to both shared address and zone-specific address MLPs.
See tnzonecfg(4) from the Trusted Extensions manual pages for
information on configuring MLP ports.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
net_icmpaccess
Allows a process to send and receive ICMP packets.
net_mac_aware
Allows a process to set NET_MAC_AWARE process flag by using
setpflags(2). This privilege also allows a process to set
SO_MAC_EXEMPT socket option by using setsockopt(3SOCKET).
The NET_MAC_AWARE process flag and the SO_MAC_EXEMPT socket
option both allow a local process to communicate with an
unlabeled peer if the local process' label dominates the
peer's default label, or if the local process runs in the
global zone.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
net_mac_implicit
Allows a process to set SO_MAC_IMPLICIT option by using
setsockopt(3SOCKET). This allows a privileged process to
transmit implicitly-labeled packets to a peer.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
net_observability
Allows a process to access /dev/lo0 and the devices in /dev/ipnet/
while not requiring them to need PRIV_NET_RAWACCESS.
net_privaddr
Allows a process to bind to a privileged port
number. The privilege port numbers are 1-1023 (the traditional
UNIX privileged ports) as well as those ports marked as
"udp/tcp_extra_priv_ports" with the exception of the ports
reserved for use by NFS.
net_rawaccess
Allows a process to have direct access to the network layer.
proc_audit
Allows a process to generate audit records.
Allows a process to get its own audit pre-selection information.
proc_chroot
Allows a process to change its root directory.
proc_clock_highres
Allows a process to use high resolution timers.
proc_exec
Allows a process to call execve().
proc_fork
Allows a process to call fork1()/forkall()/vfork()
proc_info
Allows a process to examine the status of processes other
than those it can send signals to. Processes which cannot
be examined cannot be seen in /proc and appear not to exist.
proc_lock_memory
Allows a process to lock pages in physical memory.
proc_owner
Allows a process to send signals to other processes, inspect
and modify process state to other processes regardless of
ownership. When modifying another process, additional
restrictions apply: the effective privilege set of the
attaching process must be a superset of the target process'
effective, permitted and inheritable sets; the limit set must
be a superset of the target's limit set; if the target process
has any uid set to 0 all privilege must be asserted unless the
effective uid is 0.
Allows a process to bind arbitrary processes to CPUs.
proc_priocntl
Allows a process to elevate its priority above its current level.
Allows a process to change its scheduling class to any scheduling class,
including the RT class.
proc_session
Allows a process to send signals or trace processes outside its
session.
proc_setid
Allows a process to set its uids at will.
Assuming uid 0 requires all privileges to be asserted.
proc_taskid
Allows a process to assign a new task ID to the calling process.
proc_zone
Allows a process to trace or send signals to processes in
other zones.
sys_acct
Allows a process to enable and disable and manage accounting through
acct(2), getacct(2), putacct(2) and wracct(2).
sys_admin
Allows a process to perform system administration tasks such
as setting node and domain name and specifying nscd and coreadm
settings.
sys_audit
Allows a process to start the (kernel) audit daemon.
Allows a process to view and set audit state (audit user ID,
audit terminal ID, audit sessions ID, audit pre-selection mask).
Allows a process to turn off and on auditing.
Allows a process to configure the audit parameters (cache and
queue sizes, event to class mappings, policy options).
sys_config
Allows a process to perform various system configuration tasks.
Allows a process to add and remove swap devices; when adding a swap
device, a process must also have sufficient privileges to read from
and write to the swap device.
sys_devices
Allows a process to successfully call a kernel module that
calls the kernel drv_priv(9F) function to check for allowed
access.
Allows a process to open the real console device directly.
Allows a process to open devices that have been exclusively opened.
sys_ipc_config
Allows a process to increase the size of a System V IPC Message
Queue buffer.
sys_linkdir
Obsolete: Used to allow a process to unlink and link directories.
The implementation prohibits using link or unlink on directories.
sys_mount
Allows filesystem specific administrative procedures, such as
filesystem configuration ioctls, quota calls and creation/deletion
of snapshots.
Allows a process to mount and unmount filesystems which would
otherwise be restricted (i.e., most filesystems except
namefs).
A process performing a mount operation needs to have
appropriate access to the device being mounted (read-write for
"rw" mounts, read for "ro" mounts).
A process performing any of the aforementioned
filesystem operations needs to have read/write/owner
access to the mount point.
Only regular files and directories can serve as mount points
for processes which do not have all zone privileges asserted.
Unless a process has all zone privileges, the mount(2)
system call will force the "nosuid" and "restrict" options, the
latter only for autofs mountpoints.
Regardless of privileges, a process running in a non-global zone may
only control mounts performed from within said zone.
Outside the global zone, the "nodevices" option is always forced.
sys_iptun_config
Allows a process to configure IP tunnel links.
sys_flow_config
Allows a process to configure flows.
sys_dl_config
Allows a process to configure all classes of datalinks, including
configuration allowed by PRIV_SYS_IPTUN_CONFIG and PRIV_SYS_FLOW_CONFIG.
sys_ib_config
Allows a process to perform all InfiniBand MAD (Management Datagram)
operations.
sys_ib_info
Allows a process to perform read InfiniBand MAD (Management Datagram)
operations.
sys_ip_config
Allows a process to configure a system's IP interfaces and routes.
Allows a process to configure network parameters using ndd.
Allows a process access to otherwise restricted information using ndd.
Allows a process to configure IPsec.
Allows a process to pop anchored STREAMs modules with matching zoneid.
sys_net_config
Allows all that PRIV_SYS_IP_CONFIG, PRIV_SYS_DL_CONFIG,
PRIV_SYS_PPP_CONFIG and PRIV_SYS_IB_CONFIG allow.
Allows a process to push the rpcmod STREAMs module.
Allows a process to INSERT/REMOVE STREAMs modules on locations other
than the top of the module stack.
sys_nfs
Allows a process to perform Sun private NFS specific system calls.
Allows a process to bind to ports reserved by NFS: ports 2049 (nfs)
and port 4045 (lockd).
sys_ppp_config
Allows a process to create and destroy PPP (sppp) interfaces.
Allows a process to configure PPP tunnels (sppptun).
sys_res_bind
Allows a process to bind processes to processor sets.
sys_res_config
Allows all that PRIV_SYS_RES_BIND allows.
Allows a process to create and delete processor sets, assign
CPUs to processor sets and override the PSET_NOESCAPE property.
Allows a process to change the operational status of CPUs in
the system using p_online(2).
Allows a process to configure resource pools and to bind
processes to pools
sys_resource
Allows a process to modify the resource limits specified
by setrlimit(2) and setrctl(2) without restriction.
Allows a process to exceed the per-user maximum number of
processes.
Allows a process to extend or create files on a filesystem that
has less than minfree space in reserve.
sys_share
Allows a process to perform sharefs system call.
sys_smb
Allows a process to access the Sun private SMB kernel module.
Allows a process to bind to ports reserved by NetBIOS and SMB:
ports 137 (NBNS), 138 (NetBIOS Datagram Service), 139 (NetBIOS
Session Service and SMB-over-NBT) and 445 (SMB-over-TCP).
sys_suser_compat
Allows a process to successfully call a third party loadable module
that calls the kernel suser() function to check for allowed access.
This privilege exists only for third party loadable module
compatibility and is not used by Solaris proper.
sys_time
Allows a process to manipulate system time using any of the
appropriate system calls: stime, adjtime, ntp_adjtime and
the IA specific RTC calls.
sys_trans_label
Allows a process to translate labels that are not dominated
by the process' sensitivity label to and from an external
string form.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_colormap
Allows a process to override colormap restrictions.
Allows a process to install or remove colormaps.
Allows a process to retrieve colormap cell entries allocated
by other processes.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_config
Allows a process to configure or destroy resources that are
permanently retained by the X server.
Allows a process to use SetScreenSaver to set the screen
saver timeout value.
Allows a process to use ChangeHosts to modify the display
access control list.
Allows a process to use GrabServer.
Allows a process to use the SetCloseDownMode request which
may retain window, pixmap, colormap, property, cursor, font,
or graphic context resources.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_dac_read
Allows a process to read from a window resource that it does
not own (has a different user ID).
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_dac_write
Allows a process to write to or create a window resource that
it does not own (has a different user ID). A newly created
window property is created with the window's user ID.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_devices
Allows a process to perform operations on window input devices.
Allows a process to get and set keyboard and pointer controls.
Allows a process to modify pointer button and key mappings.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_dga
Allows a process to use the direct graphics access (DGA) X protocol
extensions. Direct process access to the frame buffer is still
required. Thus the process must have MAC and DAC privileges that
allow access to the frame buffer, or the frame buffer must be
allocated to the process.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_downgrade_sl
Allows a process to set the sensitivity label of a window resource
to a sensitivity label that does not dominate the existing
sensitivity label.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_fontpath
Allows a process to set a font path.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_mac_read
Allows a process to read from a window resource whose sensitivity
label is not equal to the process sensitivity label.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_mac_write
Allows a process to create a window resource whose sensitivity
label is not equal to the process sensitivity label.
A newly created window property is created with the window's
sensitivity label.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_selection
Allows a process to request inter-window data moves without the
intervention of the selection confirmer.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_upgrade_sl
Allows a process to set the sensitivity label of a window
resource to a sensitivity label that dominates the existing
sensitivity label.
This privilege is interpreted only if the system is configured
with Trusted Extensions.