Specifications

Red Hat Enterprise Linux to Oracle Solaris Porting Guide
TABLE A-1. ORACLE SOLARIS 11 SECURITY PRIVILEGES

PRIVILEGE NAME        DESCRIPTION
PRIV_SYS_AUDIT        Allow a process to start the (kernel) audit daemon. Allow a process
                      to view and set audit state (audit user ID, audit terminal ID, audit
                      sessions ID, audit pre-selection mask). Allow a process to turn off
                      and on auditing. Allow a process to configure the audit parameters
                      (cache and queue sizes, event-to-class mappings, and policy
                      options).
PRIV_SYS_CONFIG       Allow a process to perform various system configuration tasks.
                      Allow file system-specific administrative procedures, such as file
                      system configuration ioctls, quota calls, creation and deletion of
                      snapshots, and manipulating the PCFS boot sector.
PRIV_SYS_DEVICES      Allow a process to create device-special files. Allow a process to
                      successfully call a kernel module that calls the kernel
                      drv_priv(9F) function to check for allowed access. Allow a
                      process to open the real console device directly. Allow a process to
                      open devices that have been exclusively opened.
PRIV_SYS_IPC_CONFIG   Allow a process to increase the size of a System V IPC message
                      queue buffer.
PRIV_SYS_LINKDIR      Allow a process to unlink and link directories.
PRIV_SYS_MOUNT        Allow a process to mount and unmount file systems that would
                      otherwise be restricted (that is, most file systems except namefs).
                      Allow a process to add and remove swap devices.
PRIV_SYS_IP_CONFIG    Allow a process to configure a system's network interfaces and
                      routes. Allow a process to configure network parameters for
                      TCP/IP using ndd. Allow a process access to otherwise restricted
                      TCP/IP information using ndd. Allow a process to configure IPsec.
                      Allow a process to pop anchored STREAMS modules with a
                      matching zoneid.
PRIV_SYS_NET_CONFIG   Allow a process to do all that PRIV_SYS_IP_CONFIG allows, plus
                      the following: Push the rpcmod STREAMS module, insert and
                      remove STREAMS modules on locations other than the top of the
                      module stack, and configure data links (NICs).
PRIV_SYS_NFS          Allow a process to provide NFS service: Start NFS kernel threads,
                      perform NFS-locking operations, bind to NFS reserved ports 2049
                      (nfs) and port 4045 (lockd).