Chapter 35. Security

Table of Contents

Privileges
Privileged Use of DTrace
dtrace_proc Privilege
dtrace_user Privilege
dtrace_kernel Privilege
Super User Privileges

Privileges

The Solaris Least Privilege facility enables administrators to grant specific privileges to specific Solaris users. To give a user a privilege on login, insert a line into the /etc/user_attr file of the form:

user-name::::defaultpriv=basic,privilege

To give a running process an additional privilege, use the ppriv ( 1 ) command:

# ppriv -s A+privilege process-ID

The three privileges that control a user's access to DTrace features are dtrace_proc, dtrace_user, and dtrace_kernel. Each privilege permits the use of a certain set of DTrace providers, actions, and variables, and each corresponds to a particular type of use of DTrace. The privilege modes are described in detail in the following sections. System administrators should carefully weigh each user's need against the visibility and performance impact of the different privilege modes. Users need at least one of the three DTrace privileges in order to use any of the DTrace functionality.