Programming in the Solaris OS With Privileges 0
Another good introductory article for Solaris developers that want to learn how to use Solaris 10 privileges. Written by Rich Teer, author of the Solaris developer’s bible : Solaris System Programming.
Another good introductory article for Solaris developers that want to learn how to use Solaris 10 privileges. Written by Rich Teer, author of the Solaris developer’s bible : Solaris System Programming.
Another good document from Glenn Brunette. Privilege bracketing for a process allows you to :
1. drop any privileges that it will never need;
2. enable the remaining privileges exactly when it needs them;
3. relinquishe the use of privileges when they are no longer needed
A new blueprint document from Glenn Brunette of Sun that describes a number of ways to find out which privilege is required to run a certain application as user “whatever”. Besides the known option of the ppriv command, the privdebug perl script uses DTrace to provide easy observation.
The author then uses privdebug to find out how to build the list of required privileges to start Apache as user “whatever”, be it in the Global zone or in non-global zones. A good document to learn about privileges.
View the document
The privdebug script at OpenSolaris
A easy-to-understand Howto found in OpenSolaris that describes how to implement privilege bracketing when developing privilege-aware software. The action of granting your process the privileges that it needs only when and for the exact duration it needs it.
T: OpenSolaris, privilegesPlaying with user_attr database
========================
Last Edited : 16/02/2005
This paper is meant to illustrate the new possibilities of the /etc/user_attr database. Up to Solaris 9, the database could be used to assign RBAC profiles, roles and authorizations to users as well as a default project.
3 new parameters are introduced as of Solaris 10.