Table of Contents
The Solaris Least Privilege facility enables administrators to grant specific privileges to specific Solaris users. To give a user a privilege on login, insert a line into the /etc/user_attr
file of the form:
user-name
::::defaultpriv=basic,privilege
To give a running process an additional privilege, use the ppriv ( 1 ) command:
# ppriv -s A+privilege
process-ID
The three privileges that control a user's access to DTrace features are dtrace_proc
, dtrace_user
, and dtrace_kernel
. Each privilege permits the use of a certain set of DTrace providers, actions, and variables, and each corresponds to a particular type of use of DTrace. The privilege modes are described in detail in the following sections. System administrators should carefully weigh each user's need against the visibility and performance impact of the different privilege modes. Users need at least one of the three DTrace privileges in order to use any of the DTrace functionality.