ppriv(1) User Commands ppriv(1)
NAME
ppriv - inspect or modify process privilege sets and attributes
SYNOPSIS
/usr/bin/ppriv -e [-f {+-}{ADKMPRSTUX}] [-s spec] [-r rule]
command [arg]...
/usr/bin/ppriv [-vn] [-f {+-}{ADKMPRSTUX}] [-S] [-s spec]
[-r rule][pid | core]...
/usr/bin/ppriv -l [-vn] [privilege-specification | extended-policy]...
/usr/bin/ppriv -q [-f {+-}{ADKMPRSTUX}] [privilege-specification]
DESCRIPTION
The first invocation of the ppriv command runs the command specified
with the privilege sets and flags modified according to the arguments
on the command line.
The second invocation examines or changes the privilege state of running
processes and core files.
The third invocation lists the privileges defined and information about
specified privileges or privileges set specifications.
OPTIONS
The following options are supported:
-D
Obsolete. Same as -f +D.
-e
Interprets the remainder of the arguments as a command line and
runs the command line with specified privilege attributes and sets.
-f {+-}{ADKMPRSTUX}
To set or unset the process flags of the processes or the command
supplied. For more information, see the setpflags(2) man page.
D PRIV_DEBUG
M NET_MAC_AWARE, NET_MAC_AWARE_INHERIT
P PRIV_PFEXEC
A PRIV_PFEXEC_AUTH
K PRIV_TPD_KILLABLE
R PRIV_PROC_TPD_RESET
S PRIV_PROC_SENSITIVE
Warning: Unsetting this flag can expose potentially sensitive
data to other processes with proc_owner privilege, regardless
of ownership
T PRIV_PROC_TPD
U PRIV_TPD_UNSAFE
X PRIV_XPOLICY
-l
Lists all currently defined privileges on stdout.
-M
Obsolete. Same as -f +M.
-n
Shows port numbers and users as numbers. Normally, ppriv shows port
numbers and users as symbols. This option is only applicable when
displaying Extended Policies.
-N
Obsolete. Same as -f -D.
-P
Obsolete. Same as -f +P.
-s spec
Modifies a process's privilege sets according to spec, a specification
with the format [AEILP][+-=]privsetspec, containing no spaces, where:
AEILP
Indicates one or more letters indicating which privilege sets
to change. These are case insensitive, for example, either a or
A indicates all privilege sets.
For definitions of the single letter abbreviations for privilege sets,
see privileges(7).
+-=
Indicates a modifier to respectively add (+), remove (-), or
assign (=) the listed privileges to the specified set(s) in
privsetspec.
privsetspec
Indicates a comma-separated privilege set specification
(priv1,priv2, and so on), as described in priv_str_to_set(3C).
Modifying the same set with multiple -s options is possible as long
as there is either precisely one assignment to an individual set or
any number of additions and removals. That is, assignment and addition
or removal for one set are mutually exclusive.
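The combination rule above is easy to get wrong when several -s options are assembled by a script. The following POSIX sh function is an added example, not part of the ppriv(1) page: it parses each spec with the [AEILP][+-=]privsetspec grammar, expands a/A to all four sets, and reports whether the specs could legally be combined on one ppriv command line. It only checks the grammar and the assignment-versus-modification rule; it does not call ppriv and does not validate privilege names (that is the job of priv_str_to_set(3C)). The sample specs at the bottom are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from ppriv(1)): check whether a list of -s specs can be
# combined. Per privilege set, either precisely one '=' assignment or any
# number of '+'/'-' changes is allowed; mixing the two is a conflict.

# check_specs SPEC...
#   prints "ok" and returns 0 when the specs may be combined,
#   prints a diagnostic and returns 1 otherwise.
check_specs() {
    a_E=0 a_I=0 a_L=0 a_P=0   # '=' assignments seen per set
    m_E=0 m_I=0 m_L=0 m_P=0   # '+'/'-' modifications seen per set

    for spec in "$@"; do
        case $spec in
            *' '*) echo "bad spec '$spec': contains a space"; return 1 ;;
        esac
        letters=${spec%%[+=-]*}        # set letters before the modifier
        rest=${spec#"$letters"}        # modifier followed by privsetspec
        op=${rest%"${rest#?}"}         # first character of rest
        privs=${rest#?}                # the comma-separated privilege list
        if [ -z "$letters" ] || [ -z "$op" ] || [ -z "$privs" ]; then
            echo "bad spec '$spec': want [AEILP][+-=]privsetspec"; return 1
        fi
        letters=$(printf '%s' "$letters" | tr 'a-z' 'A-Z')   # case insensitive
        case $letters in
            *[!AEILP]*) echo "bad spec '$spec': unknown set letter"; return 1 ;;
            *A*) letters=EILP ;;                             # 'A' means all sets
        esac
        while [ -n "$letters" ]; do
            l=${letters%"${letters#?}"}
            letters=${letters#?}
            if [ "$op" = "=" ]; then
                eval "a_$l=\$((a_$l + 1))"
            else
                eval "m_$l=\$((m_$l + 1))"
            fi
        done
    done

    for l in E I L P; do
        eval "a=\$a_$l m=\$m_$l"
        if [ "$a" -gt 1 ]; then
            echo "conflict: more than one assignment to set $l"; return 1
        fi
        if [ "$a" -eq 1 ] && [ "$m" -gt 0 ]; then
            echo "conflict: set $l is both assigned and modified"; return 1
        fi
    done
    echo ok
}

# Constructed demonstration specs; the first mirrors Example 2 below.
check_specs 'EI-proc_session' 'L-proc_info'   || :   # ok
check_specs 'E=basic' 'E+proc_fork'           || :   # conflict: assigned and modified
check_specs 'a=basic' 'i-file_read'           || :   # conflict: 'a' covers I as well
```

Run it as `sh check_specs.sh`; the three demonstration calls print one line each. The function can be sourced and called with the exact strings you intend to pass to -s, so a script can refuse to build a ppriv command line that ppriv would reject anyway.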
-q
Tests whether privileges are in the effective set and whether flags
are set or unset. The program exits successfully when all tests are
fulfilled.
-r rule
Install an Extended Policy. For more information, see the
privileges(7) man page.
Multiple rules can be specified. The new rules are added to the
existing policy. To replace an existing policy, first remove it
with -X, and then add the new policy with -r.
-S
Short. Reports the shortest possible output strings for sets. The
default is portable output. For more information, see the
priv_str_to_set(3C) man page.
-X
Obsolete. Same as -f -X.
-v
Verbose. Reports privilege sets using privilege names.
-?
--help
Print usage message and immediately exit.
USAGE
The ppriv utility examines processes and core files and prints or
changes their privilege sets.
ppriv can run commands with privilege debugging on or off or with fewer
privileges than the invoking process.
When executing a sub process, the only sets that can be modified are L
and I. Privileges can only be removed from L and I as ppriv starts with
P=E=I.
ppriv can also be used to remove privileges from processes or to convey
privileges to other processes. In order to control a process, the
effective set of the ppriv utility must be a super set of the
controlled process's E, I, and P. The utility's limit set must be a
super set of the target's limit set. If the target's process uids do not
match, the {PRIV_PROC_OWNER} privilege must be asserted in the
utility's effective set. If the controlled processes have any uid with
the value 0, more restrictions might exist. For more information, see
the privileges(7) man page.
EXAMPLES
Example 1 Obtaining the Process Privileges of the Current Shell
The following example obtains the process privileges of the current
shell:
example$ ppriv $$
387: -sh
flags = <none>
E: basic
I: basic
P: basic
L: all
Example 2 Removing a Privilege from the Inheritable and Effective Sets
The following example removes a privilege from your shell's inheritable
and effective set.
example$ ppriv -s EI-proc_session $$
The subprocess can still inspect the parent shell but it can no longer
influence the parent because the parent has more privileges in its
Permitted set than the ppriv child process:
example$ truss -p $$
truss: permission denied: 387
example$ ppriv $$
387: -sh
flags = <none>
E: basic,!proc_session
I: basic,!proc_session
P: basic
L: all
Example 3 Running a Process with Privilege Debugging
The following example runs a process with privilege debugging:
example$ ppriv -e -f +D cat /etc/shadow
cat[418]: missing privilege "file_dac_read" (euid = 21782,
syscall = "openat") for "/etc/shadow" at zfs_zaccess+0x284
cat: cannot open /etc/shadow
The privilege debugging error messages are sent to the controlling
terminal of the current process. The kernel address reported after "at"
is an artifact of the kernel implementation and can change after any
software update.
The system call number can be mapped to a system call using
/etc/name_to_sysnum.
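When a program is run this way for more than a single command, the debugging output quickly repeats itself. The following POSIX sh functions are an added example, not part of the ppriv(1) page: they reduce messages in the format shown above to unique "privilege syscall object" triples, which is the information needed to decide which privileges a program genuinely requires and which requests it is making unnecessarily. The message lines are constructed for the demonstration; the first is the one from Example 3, the rest are made up in the same format.

```shell
#!/bin/sh
# Added example (not from ppriv(1)): summarise privilege-debugging output
# produced with -f +D into unique "privilege syscall object" triples.

# summarize_missing_privs
#   reads debugging messages on stdin and prints one line per distinct
#   (privilege, syscall, object) combination, sorted; other lines are dropped.
summarize_missing_privs() {
    sed -n 's/^.*missing privilege "\([^"]*\)" (euid = [0-9]*, syscall = "\([^"]*\)") for "\([^"]*\)".*$/\1 \2 \3/p' |
        sort -u
}

# count_missing_privs
#   number of distinct triples in the input on stdin.
count_missing_privs() {
    summarize_missing_privs | wc -l | tr -d ' '
}

# Constructed sample of what the controlling terminal shows. Line 1 is the
# message from Example 3; the duplicate and the file_dac_search line are
# made up to show de-duplication and the non-matching "cannot open" line.
sample_debug_output='cat[418]: missing privilege "file_dac_read" (euid = 21782, syscall = "openat") for "/etc/shadow" at zfs_zaccess+0x284
cat[418]: missing privilege "file_dac_read" (euid = 21782, syscall = "openat") for "/etc/shadow" at zfs_zaccess+0x284
cat: cannot open /etc/shadow
sh[420]: missing privilege "file_dac_search" (euid = 21782, syscall = "openat") for "/root/.ssh" at zfs_zaccess+0x284'

printf '%s\n' "$sample_debug_output" | summarize_missing_privs
```

The real use is `ppriv -e -f +D command 2>&1 | summarize_missing_privs`, which leaves a short list to compare against the privileges the program's documentation says it needs; a privilege that appears only for objects the program has no business touching is a finding, not a missing grant.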
Example 4 Listing the Privileges Available in the Current Zone
The following example lists the privileges available in the current
zone (see zones(7)). When run in the global zone, all defined
privileges are listed.
example$ ppriv -l zone
... listing of all privileges elided ...
Example 5 Examining a Privilege Aware Process
The following example examines a privilege aware process:
example$ ppriv -S `pgrep rpcbind`
928: /usr/sbin/rpcbind
flags = PRIV_AWARE
E: net_privaddr,proc_fork,sys_nfs
I: none
P: net_privaddr,proc_fork,sys_nfs
L: none
See setpflags(2) for explanations of the flags.
Example 6 Running a Process Under an Extended Policy
The following example runs a process under an extended policy:
example$ ppriv -r '{file_write}:/home/casper/.mozilla/*' \
-r '{file_write}:/tmp/*,{proc_exec}:/usr/*' -e firefox
See privileges(7).
Example 7 Examining a Process that Has been Started
The following example examines the process that was started in example
6:
example$ ppriv 101272
101272: /usr/lib/firefox/firefox-bin
flags = PRIV_XPOLICY
Extended policies:
{file_write}:/home/casper/.mozilla/*
{file_write}:/tmp/*
{proc_exec}:/usr/*
E: basic,!file_write,!proc_exec
I: basic,!file_write,!proc_exec
P: basic,!file_write,!proc_exec
L: all
Example 8 Testing for Flags and Privileges
The following example tests for flags and privileges:
if ppriv -q -f +D file_read; then
    echo Privilege debugging is enabled
    echo and file_read privilege detected
fi
EXIT STATUS
The following exit values are returned:
0 Successful operation.
non-zero An error has occurred.
FILES
/proc/* Process files
/etc/name_to_sysnum system call name to number mapping
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
ATTRIBUTE TYPE          ATTRIBUTE VALUE
Availability            system/core-os
Interface Stability     See below
The invocation is Committed. The output is Uncommitted.
SEE ALSO
gcore(1), truss(1), setpflags(2), priv_str_to_set(3C), proc(5),
attributes(7), privileges(7), tpd(7), zones(7)
HISTORY
The K and R flags for the -f option were added in Oracle Solaris
11.4.0.
The S flag for the -f option was added in Oracle Solaris 11.3.20.
The -f and -q options, and the A, D, M, P, T, U, and X flags for the -f
option, were added in Oracle Solaris 11.2.0. The -D, -M, -N, -P, and -X
options were declared obsolete at the same time.
The -n, -r, and -X options, and support for Extended Policies, were
added in Oracle Solaris 11.1.0.
The -P option was added in Oracle Solaris 11.0.0.
The -M option was added in Solaris 10 11/06 (Update 3).
The ppriv command, with support for the -D, -e, -l, -N, -S, -s, and -v
options, was added in Solaris 10 3/05.
Oracle Solaris 11.4 18 September 2021 ppriv(1)