Unix‎ > ‎Solaris‎ > ‎Solaris man pages‎ > ‎1‎ > ‎

ppriv


NAME
     ppriv - inspect or modify process privilege sets and  attri-
     butes

SYNOPSIS
     /usr/bin/ppriv -e [-D | -N] [-M] [-s spec] command [arg]...


     /usr/bin/ppriv [-v] [-S] [-D | -N] [-s spec]
         [pid | core]...


     /usr/bin/ppriv -l [-v] [privilege-specification]...


DESCRIPTION
     The first invocation of the ppriv command runs  the  command
     specified with the privilege sets and flags modified accord-
     ing to the arguments on the command line.


     The second invocation  examines  or  changes  the  privilege
     state of running process and core files.


     The third invocation lists the privileges defined and infor-
     mation about specified privileges or privileges set specifi-
     cations.

OPTIONS
     The following options are supported:

     -D         Turns on privilege debugging for the processes or
                command supplied.


     -e         Interprets the remainder of the  arguments  as  a
                command  line  and  runs  the  command  line with
                specified privilege attributes and sets.


     -l         Lists all currently defined privileges on stdout.


     -M         When a system is configured with  Trusted  Exten-
                sions, this option turns on the NET_MAC_AWARE and
                NET_MAC_AWARE_INHERIT process attributes.

                A  process  with   these   attributes   and   the
                net_mac_aware   privilege  can  communicate  with
                lower-level remote peers.

     -N         Turns off privilege debugging for  the  processes
                or command supplied.


     -s spec    Modifies a process's privilege sets according  to
                spec,  a specification with the format [AEILP][+-
                =]privsetspec, containing no spaces, where:

                AEILP          Indicates  one  or  more   letters
                               indicating which privilege sets to
                               change. These  are  case  insensi-
                               tive,  for  example, either a or A
                               indicates all privilege sets.


                +-=            Indicates a  modifier  to  respec-
                               tively  add  (+),  remove  (-), or
                               assign (=) the  listed  privileges
                               to   the   specified   set(s)   in
                               privsetspec.


                privsetspec    Indicates    a     comma-separated
                               privilege     set    specification
                               (priv1,priv2,  and  so   on),   as
                               described in priv_str_to_set(3C).

                Modifying the same set with multiple  -s  options
                is  possible as long as there is either precisely
                one assignment to an individual set or any number
                of  additions  and  removals. That is, assignment
                and addition or removal for one set are  mutually
                exclusive.


     -S         Short.  Reports  the  shortest  possible   output
                strings for sets. The default is portable output.
                See priv_str_to_set(3C).


     -v         Verbose. Reports privilege sets  using  privilege
                names.


USAGE
     The ppriv utility examines  processes  and  core  files  and
     prints or changes their privilege sets.


     ppriv can run commands with privilege debugging on or off or
     with fewer privileges than the invoking process.

     When executing a sub process, the  only  sets  that  can  be
     modified  are L and I. Privileges can only be removed from L
     and I as ppriv starts with P=E=I.


     ppriv can also be used to remove privileges  from  processes
     or to convey privileges to other processes. In order to con-
     trol a process, the effective set of the ppriv utility  must
     be  a super set of the controlled process's E, I, and P. The
     utility's limit set must be a  super  set  of  the  target's
     limit  set.  If  the target's process uids do not match, the
     {PRIV_PROC_OWNER}  privilege  must  be   asserted   in   the
     utility's  effective  set.  If the controlled processes have
     any uid with the value 0, more restrictions may  exist.  See
     privileges(5).

EXAMPLES
     Example 1 Obtaining the Process Privileges  of  the  Current
     Shell

       example$ ppriv $$
       387:   -sh
       flags = <none>
               E: basic
               I: basic
               P: basic
               L: all



     Example 2 Removing a Privilege From Your Shell's Inheritable
     and Effective set

       example$ ppriv -s EI-proc_session $$




     The subprocess can still inspect the parent shell but it can
     no  longer  influence the parent because the parent has more
     privileges in its Permitted set than the  ppriv  child  pro-
     cess:


       example$ truss -p $$
       truss: permission denied: 387

       example$ ppriv $$
       387:   -sh
       flags = <none>
               E: basic,!proc_session
               I: basic,!proc_session
               P: basic
               L: all



     Example 3 Running a Process with Privilege Debugging

       example$ ppriv -e -D cat /etc/shadow
       cat[418]: missing privilege "file_dac_read" (euid = 21782),
                          needed at ufs_access+0x3c
       cat: cannot open /etc/shadow




     The privilege debugging error messages are sent to the  con-
     trolling  terminal  of  the current process. The "needed at"
     address specification is an artifact of the kernel implemen-
     tation  and  it  can be changed at any time after a software
     update.



     The system call number can be mapped to a system call  using
     /etc/name_to_sysnum.


     Example 4 Listing the Privileges Available  in  the  Current
     Zone


     This example lists the privileges available in  the  current
     zone  (see  zones(5)).  When  run  in  the  global zone, all
     defined privileges are listed.


       example$ ppriv -l zone



     Example 5 Examining a Privilege Aware Process


     The following example examines a privilege aware process:


       example$ ppriv -S `pgrep rpcbind`


       928:    /usr/sbin/rpcbind
       flags = PRIV_AWARE
              E: net_privaddr,proc_fork,sys_nfs
              I: none
              P: net_privaddr,proc_fork,sys_nfs
              L: none




     See setpflags(2) for explanations of the flags.


EXIT STATUS
     The following exit values are returned:

     0           Successful operation.


     non-zero    An error has occurred.


FILES
     /proc/*                Process files


     /etc/name_to_sysnum    system call name to number mapping


ATTRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:



     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWesu                     |
    |_____________________________|_____________________________|
    | Interface Stability         | See below.                  |
    |_____________________________|_____________________________|



     The invocation is Evolving. The output is Unstable.

SEE ALSO
     gcore(1),   truss(1),   setpflags(2),   priv_str_to_set(3C),
     proc(4), attributes(5), privileges(5), zones(5)






Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.
Comments