Specifications

ManualsBrandsRed Hat ManualsOtherENTERPRISE LINUX 3 - DEVELOPER TOOLS GUIDE

101

102

103

104

105

106

107

108

109

110

Red Hat Enterprise Linux to Oracle Solaris Porting Guide

100

TABLE A-1. ORACLE SOLARIS 11 SECURITY PRIVILEGES

PRIVILEGE NAME DESCRIPTION

PRIV_FILE_DAC_SEARCH Allow a process to search a directory whose permission bits or ACL

would not otherwise allow the process search permission.

PRIV_FILE_DAC_WRITE Allow a process to write a file or directory whose permission bits or

ACL do not allow the process write permission. All privileges are

required to write files owned by UID 0 in the absence of an

effective UID of 0.

PRIV_FILE_DOWNGRADE_SL Allow a process to set the sensitivity label of a file or directory to a

sensitivity label that does not dominate the existing sensitivity label.

This privilege is interpreted only if the system is configured with

Trusted Extensions.

PRIV_FILE_LINK_ANY Allow a process to create hardlinks to files owned by a UID

different from the process's effective UID.

PRIV_FILE_OWNER Allow a process that is not the owner of a file to modify that file's

access and modification times. Allow a process that is not the

owner of a directory to modify that directory's access and

modification times. Allow a process that is not the owner of a file or

directory to remove or rename a file or directory whose parent

directory has the “save text image after execution” (sticky) bit set.

Allow a process that is not the owner of a file to mount a namefs

upon that file. Allow a process that is not the owner of a file or

directory to modify that file's or directory's permission bits or ACL.

PRIV_FILE_SETID Allow a process to change the ownership of a file or write to a file

without the set-user-ID and set-group-ID bits being cleared.

Allow a process to set the set-group-ID bit on a file or directory

whose group is not the process's effective group or one of the

process's supplemental groups. Allow a process to set the

set-user-ID bit on a file with different ownership in the presence

of PRIV_FILE_OWNER. Additional restrictions apply when creating

or modifying a setuid 0 file.

PRIV_FILE_UPGRADE_SL Allow a process to set the sensitivity label of a file or directory to a

sensitivity label that dominates the existing sensitivity label.

PRIV_GRAPHICS_ACCESS Allow a process to make privileged ioctls to graphics devices.

Typically only an xserver process needs to have this privilege. A

process with this privilege is also allowed to perform privileged

graphics device mappings.

PRIV_GRAPHICS_MAP Allow a process to perform privileged mappings through a graphics

device.