5.5.8. Using Privileges with Role-Based Access Control

The Solaris Service Management Facility (SMF) can start applications with customized privilege sets. The following is an example from the manifest configuration file for the DNS server, /var/svc/manifest/network/dns/server.xml:

    <exec_method type='method' name='start' exec='/usr/sbin/named' timeout_seconds='60'>
      <method_context>
        <!--
          privileges: the file_dac_read and file_dac_search privileges are
          necessary for reading the configuration file even if it is restricted
          by the file permissions. The sys_resource privilege is for setting
          resource limits (e.g. stack size).
        -->
        <method_credential user='root' group='root'
          privileges='basic,!proc_session,!proc_info,!file_link_any,net_privaddr,file_dac_read,file_dac_search,sys_resource' />
      </method_context>
    </exec_method>

This runs the DNS server with fewer privileges, so that it is hardened against some attacks. Although the DNS server runs as root, it is given the "basic" set rather than "all", with some privileges removed and others added. net_privaddr is added so that the server can listen on a privileged port (53).
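To see exactly which privileges the named process ends up with, the following added example (not part of the original documentation or of Solaris itself) parses the method_credential element above and expands its privileges= string the way SMF applies it, left to right. It assumes the Solaris 10 "basic" set of five privileges; later releases add more, so adjust BASIC_SET for the release you audit.

```python
import xml.etree.ElementTree as ET

# Assumption: the Solaris 10 "basic" privilege set. Later releases add
# file_read, file_write and net_access; edit this for the target release.
BASIC_SET = frozenset({"file_link_any", "proc_exec", "proc_fork",
                       "proc_info", "proc_session"})

# Constructed copy of the exec_method fragment quoted in the section above,
# whitespace and line breaks inside the attribute value included.
MANIFEST_FRAGMENT = """
<exec_method type='method' name='start' exec='/usr/sbin/named' timeout_seconds='60'>
  <method_context>
    <method_credential user='root' group='root'
      privileges='basic,!proc_session,!proc_info, !file_link_any,net_privaddr,
                  file_dac_read,file_dac_search, sys_resource' />
  </method_context>
</exec_method>
"""


def expand_privileges(spec):
    """Expand a privileges= string into the effective set.

    Tokens are applied in order: 'basic' seeds the set, '!name' removes a
    privilege, and any other token adds one. 'all' is kept as a literal
    marker so an auditor can spot an unbounded grant.
    """
    effective = set()
    for token in spec.split(","):
        token = token.strip()          # the manifest may wrap the value
        if not token:
            continue
        if token == "basic":
            effective |= BASIC_SET
        elif token.startswith("!"):
            effective.discard(token[1:])
        else:
            effective.add(token)
    return effective


def privileges_from_manifest(xml_text):
    """Return the effective privilege set of the start method's credential."""
    root = ET.fromstring(xml_text)
    cred = root.find("./method_context/method_credential")
    # SMF's default when the attribute is absent is the basic set.
    return expand_privileges(cred.get("privileges", "basic"))


def added_beyond_basic(effective):
    """Privileges granted on top of basic: the ones worth justifying."""
    return effective - BASIC_SET


if __name__ == "__main__":
    privs = privileges_from_manifest(MANIFEST_FRAGMENT)
    print("effective:", sorted(privs))
    print("beyond basic:", sorted(added_beyond_basic(privs)))
```

The output shows that of the basic set only proc_exec and proc_fork survive, and that net_privaddr, file_dac_read, file_dac_search and sys_resource are the only additions, which is the list the manifest comment must justify.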