1ppriv(1) User Commands ppriv(1)
2
3
4
6 ppriv - inspect or modify process privilege sets and attributes
7
9 /usr/bin/ppriv -e [-D | -N] [-M] [-s spec] command [arg]...
10
11
12 /usr/bin/ppriv [-v] [-S] [-D | -N] [-s spec]
13 [pid | core]...
14
15
16 /usr/bin/ppriv -l [-v] [privilege-specification]...
17
18
20 The first invocation of the ppriv command runs the command specified
21 with the privilege sets and flags modified according to the arguments
22 on the command line.
23
24
25 The second invocation examines or changes the privilege state of run‐
26 ning process and core files.
27
28
29 The third invocation lists the privileges defined and information about
30 specified privileges or privileges set specifications.
31
33 The following options are supported:
34
35 -D Turns on privilege debugging for the processes or command
36 supplied.
37
38
39 -e Interprets the remainder of the arguments as a command line
40 and runs the command line with specified privilege
41 attributes and sets.
42
43
44 -l Lists all currently defined privileges on stdout.
45
46
47 -M When a system is configured with Trusted Extensions, this
48 option turns on the NET_MAC_AWARE and NET_MAC_AWARE_INHERIT
49 process attributes.
50
51 A process with these attributes and the net_mac_aware privi‐
52 lege can communicate with lower-level remote peers.
53
54
55 -N Turns off privilege debugging for the processes or command
56 supplied.
57
58
59 -s spec Modifies a process's privilege sets according to spec, a
60 specification with the format [AEILP][+-=]privsetspec, con‐
61 taining no spaces, where:
62
63 AEILP Indicates one or more letters indicating
64 which privilege sets to change. These are
65 case insensitive, for example, either a or A
66 indicates all privilege sets.
67
68
69 +-= Indicates a modifier to respectively add (+),
70 remove (-), or assign (=) the listed privi‐
71 leges to the specified set(s) in privsetspec.
72
73
74 privsetspec Indicates a comma-separated privilege set
75 specification (priv1,priv2, and so on), as
76 described in priv_str_to_set(3C).
77
78 Modifying the same set with multiple -s options is possible
79 as long as there is either precisely one assignment to an
80 individual set or any number of additions and removals. That
81 is, assignment and addition or removal for one set are mutu‐
82 ally exclusive.
83
84
85 -S Short. Reports the shortest possible output strings for
86 sets. The default is portable output. See
87 priv_str_to_set(3C).
88
89
90 -v Verbose. Reports privilege sets using privilege names.
91
92
94 The ppriv utility examines processes and core files and prints or
95 changes their privilege sets.
96
97
98 ppriv can run commands with privilege debugging on or off or with fewer
99 privileges than the invoking process.
100
101
102 When executing a sub process, the only sets that can be modified are L
103 and I. Privileges can only be removed from L and I as ppriv starts with
104 P=E=I.
105
106
107 ppriv can also be used to remove privileges from processes or to convey
108 privileges to other processes. In order to control a process, the
109 effective set of the ppriv utility must be a super set of the con‐
110 trolled process's E, I, and P. The utility's limit set must be a super
111 set of the target's limit set. If the target's process uids do not
112 match, the {PRIV_PROC_OWNER} privilege must be asserted in the util‐
113 ity's effective set. If the controlled processes have any uid with the
114 value 0, more restrictions might exist. See privileges(5).
115
117 Example 1 Obtaining the Process Privileges of the Current Shell
118
119
120 The following example obtains the process privileges of the current
121 shell:
122
123
124 example$ ppriv $$
125 387: -sh
126 flags = <none>
127 E: basic
128 I: basic
129 P: basic
130 L: all
131
132
133
134 Example 2 Removing a Privilege From Your Shell's Inheritable and Effec‐
135 tive Set
136
137
138 The following example removes a privilege from your shell's inheritable
139 and effective set.
140
141
142 example$ ppriv -s EI-proc_session $$
143
144
145
146
147 The subprocess can still inspect the parent shell but it can no longer
148 influence the parent because the parent has more privileges in its Per‐
149 mitted set than the ppriv child process:
150
151
152 example$ truss -p $$
153 truss: permission denied: 387
154
155 example$ ppriv $$
156 387: -sh
157 flags = <none>
158 E: basic,!proc_session
159 I: basic,!proc_session
160 P: basic
161 L: all
162
163
164
165 Example 3 Running a Process with Privilege Debugging
166
167
168 The following example runs a process with privilege debugging:
169
170
171 example$ ppriv -e -D cat /etc/shadow
172 cat[418]: missing privilege "file_dac_read" (euid = 21782),
173 needed at ufs_access+0x3c
174 cat: cannot open /etc/shadow
175
176
177
178
179 The privilege debugging error messages are sent to the controlling ter‐
180 minal of the current process. The needed at address specification is an
181 artifact of the kernel implementation and it can be changed at any time
182 after a software update.
183
184
185
186 The system call number can be mapped to a system call using
187 /etc/name_to_sysnum.
188
189
190 Example 4 Listing the Privileges Available in the Current Zone
191
192
193 The following example lists the privileges available in the current
194 zone (see zones(5)). When run in the global zone, all defined privi‐
195 leges are listed.
196
197
198 example$ ppriv -l zone
199 ... listing of all privileges elided ...
200
201
202
203 Example 5 Examining a Privilege Aware Process
204
205
206 The following example examines a privilege aware process:
207
208
209 example$ ppriv -S `pgrep rpcbind`
210
211
212 928: /usr/sbin/rpcbind
213 flags = PRIV_AWARE
214 E: net_privaddr,proc_fork,sys_nfs
215 I: none
216 P: net_privaddr,proc_fork,sys_nfs
217 L: none
218
219
220
221
222 See setpflags(2) for explanations of the flags.
223
224
226 The following exit values are returned:
227
228 0 Successful operation.
229
230
231 non-zero An error has occurred.
232
233
235 /proc/* Process files
236
237
238 /etc/name_to_sysnum system call name to number mapping
239
240
242 See attributes(5) for descriptions of the following attributes:
243
244
245
246
247 ┌─────────────────────────────┬─────────────────────────────┐
248 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
249 ├─────────────────────────────┼─────────────────────────────┤
250 │Availability │SUNWesu │
251 ├─────────────────────────────┼─────────────────────────────┤
252 │Interface Stability │See below. │
253 └─────────────────────────────┴─────────────────────────────┘
254
255
256 The invocation is Committed. The output is Uncommitted.
257
259 gcore(1), truss(1), setpflags(2), priv_str_to_set(3C), proc(4),
260 attributes(5), privileges(5), zones(5)
261
262
263
264SunOS 5.11 24 Feb 2008 ppriv(1)