Section 5.5.8. Using Privileges with Role-Based Access Control


The Solaris Service Management Facility has the capability to start applications with customized privilege sets. The following is an example from the manifest configuration file for the DNS server, /var/svc/manifest/network/dns/server.xml:

<exec_method
        type='method'
        name='start'
        exec='/usr/sbin/named'
        timeout_seconds='60' >
        <method_context>
        <!--
            privileges: file_dac_read, file_dac_search
            privileges are necessary for reading the
            configuration file even if it is restricted by
            the file permission. sys_resource privilege
            is for setting the resource limits (eg. stack
            size)
        -->
        <method_credential
                user='root'
                group='root'
                privileges='basic,!proc_session,!proc_info,
                            !file_link_any,net_privaddr,
                            file_dac_read,file_dac_search,
                            sys_resource' />
        </method_context>
</exec_method>


This runs the DNS server with fewer privileges so that it is hardened against some attacks. Although the DNS server runs as root, it is given the "basic" set rather than "all," with proc_session, proc_info, and file_link_any removed and file_dac_read, file_dac_search, sys_resource, and NET_PRIVADDR added. NET_PRIVADDR is needed so that the server can bind to a privileged port (53).
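To see which privileges a method_credential actually leaves a method with, the following added example (not from the book or from Solaris) parses the manifest fragment above, resolves the privileges string with the "basic"-expansion and "!"-removal rules, and flags what a hardening review would object to. It assumes the Solaris 10 membership of the basic set and that a missing privileges attribute defaults to "basic".

```python
"""Resolve and review the privilege set an SMF method_credential grants.
Added example, not from the book; uses only the standard library."""
import xml.etree.ElementTree as ET

# Solaris 10 "basic" set per privileges(5); assumption: later releases add members.
BASIC = {"file_link_any", "proc_exec", "proc_fork", "proc_info", "proc_session"}

# Constructed sample embedding the DNS server method context quoted in the text.
MANIFEST = """<service_bundle type='manifest' name='dns-server'>
 <exec_method type='method' name='start' exec='/usr/sbin/named' timeout_seconds='60'>
  <method_context>
   <method_credential user='root' group='root'
       privileges='basic,!proc_session,!proc_info,
                   !file_link_any,net_privaddr,
                   file_dac_read,file_dac_search,
                   sys_resource' />
  </method_context>
 </exec_method>
</service_bundle>"""

def resolve_privileges(spec):
    """Expand a privileges= string: comma separated, 'basic' expands, '!' removes, left to right."""
    privs = set()
    for token in (t.strip() for t in spec.split(",")):
        if token.startswith("!"):
            privs -= BASIC if token[1:] == "basic" else {token[1:]}
        elif token == "basic":
            privs |= BASIC
        elif token:
            privs.add(token)
    return privs

def method_privileges(manifest_xml, method_name="start"):
    """Return (user, privilege set) for the named exec_method, or None if absent."""
    for method in ET.fromstring(manifest_xml).iter("exec_method"):
        cred = method.find("method_context/method_credential")
        if method.get("name") == method_name and cred is not None:
            # Assumption: a missing privileges attribute means the default "basic".
            return cred.get("user"), resolve_privileges(cred.get("privileges", "basic"))
    return None

def review(privs):
    """Findings a hardening review would raise: 'all' granted, or basic privs the text drops kept."""
    findings = ["runs with the full privilege set"] if "all" in privs else []
    findings += [f"{p} not dropped" for p in sorted({"proc_session", "proc_info", "file_link_any"} & privs)]
    return findings

if __name__ == "__main__":
    user, privs = method_privileges(MANIFEST)
    print(user, sorted(privs), review(privs) or "no findings")
```

For the manifest above the method ends up with proc_exec, proc_fork, net_privaddr, file_dac_read, file_dac_search and sys_resource, and the review reports nothing.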




Solaris™ Internals: Solaris 10 and OpenSolaris Kernel Architecture (2nd Edition)
ISBN: 0131482092
Year: 2004
Pages: 244
