ppriv(1) - osol9

1ppriv(1)                         User Commands                        ppriv(1)
2
3
4

NAME

6       ppriv - inspect or modify process privilege sets and attributes
7

SYNOPSIS

9       /usr/bin/ppriv -e [-D | -N] [-M] [-s spec] command [arg]...
10
11
12       /usr/bin/ppriv [-v] [-S] [-D | -N] [-s spec]
13            [pid | core]...
14
15
16       /usr/bin/ppriv -l [-v] [privilege-specification]...
17
18

DESCRIPTION

20       The  first  invocation  of the ppriv command runs the command specified
21       with the privilege sets and flags modified according to  the  arguments
22       on the command line.
23
24
25       The  second  invocation examines or changes the privilege state of run‐
26       ning process and core files.
27
28
29       The third invocation lists the privileges defined and information about
30       specified privileges or privileges set specifications.
31

OPTIONS

33       The following options are supported:
34
35       -D         Turns  on  privilege  debugging for the processes or command
36                  supplied.
37
38
39       -e         Interprets the remainder of the arguments as a command  line
40                  and   runs   the   command  line  with  specified  privilege
41                  attributes and sets.
42
43
44       -l         Lists all currently defined privileges on stdout.
45
46
47       -M         When a system is configured with  Trusted  Extensions,  this
48                  option  turns on the NET_MAC_AWARE and NET_MAC_AWARE_INHERIT
49                  process attributes.
50
51                  A process with these attributes and the net_mac_aware privi‐
52                  lege can communicate with lower-level remote peers.
53
54
55       -N         Turns  off  privilege debugging for the processes or command
56                  supplied.
57
58
59       -s spec    Modifies a process's privilege sets  according  to  spec,  a
60                  specification  with the format [AEILP][+-=]privsetspec, con‐
61                  taining no spaces, where:
62
63                  AEILP          Indicates  one  or  more  letters  indicating
64                                 which  privilege  sets  to  change. These are
65                                 case insensitive, for example, either a or  A
66                                 indicates all privilege sets.
67
68
69                  +-=            Indicates a modifier to respectively add (+),
70                                 remove (-), or assign (=) the  listed  privi‐
71                                 leges to the specified set(s) in privsetspec.
72
73
74                  privsetspec    Indicates  a  comma-separated  privilege  set
75                                 specification (priv1,priv2, and  so  on),  as
76                                 described in priv_str_to_set(3C).
77
78                  Modifying  the same set with multiple -s options is possible
79                  as long as there is either precisely one  assignment  to  an
80                  individual set or any number of additions and removals. That
81                  is, assignment and addition or removal for one set are mutu‐
82                  ally exclusive.
83
84
85       -S         Short.  Reports  the  shortest  possible  output strings for
86                  sets.    The    default    is    portable    output.     See
87                  priv_str_to_set(3C).
88
89
90       -v         Verbose. Reports privilege sets using privilege names.
91
92

USAGE

94       The  ppriv  utility  examines  processes  and  core files and prints or
95       changes their privilege sets.
96
97
98       ppriv can run commands with privilege debugging on or off or with fewer
99       privileges than the invoking process.
100
101
102       When  executing a sub process, the only sets that can be modified are L
103       and I. Privileges can only be removed from L and I as ppriv starts with
104       P=E=I.
105
106
107       ppriv can also be used to remove privileges from processes or to convey
108       privileges to other processes. In  order  to  control  a  process,  the
109       effective  set  of  the  ppriv  utility must be a super set of the con‐
110       trolled process's E, I, and P. The utility's limit set must be a  super
111       set  of  the  target's  limit  set. If the target's process uids do not
112       match, the {PRIV_PROC_OWNER} privilege must be asserted  in  the  util‐
113       ity's  effective set. If the controlled processes have any uid with the
114       value 0, more restrictions might exist. See privileges(5).
115

EXAMPLES

117       Example 1 Obtaining the Process Privileges of the Current Shell
118
119
120       The following example obtains the process  privileges  of  the  current
121       shell:
122
123
124         example$ ppriv $$
125         387:   -sh
126         flags = <none>
127                  E: basic
128                  I: basic
129                  P: basic
130                  L: all
131
132
133
134       Example 2 Removing a Privilege From Your Shell's Inheritable and Effec‐
135       tive Set
136
137
138       The following example removes a privilege from your shell's inheritable
139       and effective set.
140
141
142         example$ ppriv -s EI-proc_session $$
143
144
145
146
147       The  subprocess can still inspect the parent shell but it can no longer
148       influence the parent because the parent has more privileges in its Per‐
149       mitted set than the ppriv child process:
150
151
152         example$ truss -p $$
153         truss: permission denied: 387
154
155         example$ ppriv $$
156         387:   -sh
157         flags = <none>
158                  E: basic,!proc_session
159                  I: basic,!proc_session
160                  P: basic
161                  L: all
162
163
164
165       Example 3 Running a Process with Privilege Debugging
166
167
168       The following example runs a process with privilege debugging:
169
170
171         example$ ppriv -e -D cat /etc/shadow
172         cat[418]: missing privilege "file_dac_read" (euid = 21782),
173                             needed at ufs_access+0x3c
174         cat: cannot open /etc/shadow
175
176
177
178
179       The privilege debugging error messages are sent to the controlling ter‐
180       minal of the current process. The needed at address specification is an
181       artifact of the kernel implementation and it can be changed at any time
182       after a software update.
183
184
185
186       The  system  call  number  can  be  mapped  to  a  system  call   using
187       /etc/name_to_sysnum.
188
189
190       Example 4 Listing the Privileges Available in the Current Zone
191
192
193       The  following  example  lists  the privileges available in the current
194       zone (see zones(5)). When run in the global zone,  all  defined  privi‐
195       leges are listed.
196
197
198         example$ ppriv -l zone
199          ... listing of all privileges elided ...
200
201
202
203       Example 5 Examining a Privilege Aware Process
204
205
206       The following example examines a privilege aware process:
207
208
209         example$ ppriv -S `pgrep rpcbind`
210
211
212         928:    /usr/sbin/rpcbind
213         flags = PRIV_AWARE
214                 E: net_privaddr,proc_fork,sys_nfs
215                 I: none
216                 P: net_privaddr,proc_fork,sys_nfs
217                 L: none
218
219
220
221
222       See setpflags(2) for explanations of the flags.
223
224

EXIT STATUS

226       The following exit values are returned:
227
228       0           Successful operation.
229
230
231       non-zero    An error has occurred.
232
233

FILES

235       /proc/*                Process files
236
237
238       /etc/name_to_sysnum    system call name to number mapping
239
240

ATTRIBUTES

242       See attributes(5) for descriptions of the following attributes:
243
244
245
246
247       ┌─────────────────────────────┬─────────────────────────────┐
248       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
249       ├─────────────────────────────┼─────────────────────────────┤
250       │Availability                 │SUNWesu                      │
251       ├─────────────────────────────┼─────────────────────────────┤
252       │Interface Stability          │See below.                   │
253       └─────────────────────────────┴─────────────────────────────┘
254
255
256       The invocation is Committed. The output is Uncommitted.
257