Privilege Debugging in the Solaris 10 Operating System 
by Glenn Brunette and Darren Moffat
February, 2006
The traditional UNIX privilege model is based on the concept of a super-user. In this model, the system associates all of its privileged operations with the root account or, more precisely, the user identifier (UID) 0. All other UIDs are considered unprivileged by the operating system. This "all or nothing" approach to privilege delegation means that any application that must perform a privileged operation, such as binding to a reserved network port (for example, one whose port number is less than 1024), must be started as root.
Starting applications in this manner, however, is inherently risky because the application then has the privilege to do anything on the system. Administrators are forced to trust applications to use only the privileges that they need and only in the ways that are expected. Consequently, disaster could ensue should the application not manage its use of privilege safely, or should the application be misconfigured or exploited in some way.
This Sun BluePrints article describes how to profile applications and services in order to determine which Solaris 10 privileges they attempt to use. With this information, organizations can then restrict those applications and services so that they are granted only the privileges that they need to fulfill their intended purpose.
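The profiling step described above, shown as an added example that is not taken from the article: it collects the privileges each program was reported as missing and derives a least-privilege specification from them. The message format (assumed to be the form printed by Solaris privilege debugging, `ppriv -D`), the contents of the Solaris 10 `basic` set, and every sample log line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: the Solaris 10 "basic" privilege set that ordinary processes hold.
BASIC = frozenset({"file_link_any", "proc_exec", "proc_fork",
                   "proc_info", "proc_session"})

# Assumption: privilege-debugging messages look like
#   prog[pid]: missing privilege "name" (euid = N, syscall = N) needed at ...
MSG = re.compile(
    r'(?P<prog>[^\s\[]+)\[(?P<pid>\d+)\]: missing privilege '
    r'"(?P<priv>[a-z_]+)" \(euid = (?P<euid>\d+), syscall = (?P<syscall>\d+)\)'
)

# Constructed sample input: program names, PIDs and offsets are invented.
SAMPLE_LOG = """\
Feb  1 10:02:11 host httpd[2586]: missing privilege "net_privaddr" (euid = 100, syscall = 6) needed at tcp_bind+0x4c
Feb  1 10:02:12 host httpd[2590]: missing privilege "net_privaddr" (euid = 100, syscall = 6) needed at tcp_bind+0x4c
Feb  1 10:02:15 host httpd[2586]: missing privilege "proc_fork" (euid = 100, syscall = 143) needed at cfork+0x3b
Feb  1 10:05:40 host backup[3011]: missing privilege "file_dac_read" (euid = 200, syscall = 225) needed at ufs_access+0x3c
Feb  1 10:06:00 host sshd[3100]: Accepted publickey for admin
"""


def missing_privileges(log):
    """Map each program name to the set of privileges it was denied."""
    found = defaultdict(set)
    for line in log.splitlines():
        m = MSG.search(line)
        if m:  # lines that are not privilege-debugging messages are skipped
            found[m.group("prog")].add(m.group("priv"))
    return dict(found)


def privilege_spec(privs):
    """Build a specification: the basic set plus only the extras observed."""
    extras = sorted(set(privs) - BASIC)
    return ",".join(["basic"] + extras)


if __name__ == "__main__":
    for prog, privs in sorted(missing_privileges(SAMPLE_LOG).items()):
        print(f"{prog}: observed={sorted(privs)} spec={privilege_spec(privs)}")
```

A privilege that shows up as missing is only a candidate for granting: confirm that the operation is one the service is supposed to perform before adding it to the set.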