What is privilege in exec_attr ?

Posted on 2009-04-21
Last Modified: 2013-12-27
Can we use privileges instead of using uid and euid? I heard of some privilege like 'sys_net_config' and 'net_rawaccess'. Could someone give me more insights in using the privilege in RBAC. Thanks!
Question by:beer9
    LVL 40

    Expert Comment

    LVL 22

    Accepted Solution

    It depends on what you want to do and what you want to accomplish. You can add privileges directly to an account in the
    user_attr file, and after that that account will be able to run the commands that need those privs. For instance, I  do a lot of
    debugging on my lab system, so I add dtrace_user, dtrace_proc and dtrace_kernel to my priv list. that way I can use
    dtrace without doing anything special, I can just do it.

    On the other hand, I also add the "Primary Administrator" role to my profile. This gives me all privs, just as if I were root, but
    only when I use the pfexec command.

    The exec_attr file specifies what happens when certain roles execute certain commands.

    So, what are you really trying to do?

    Author Comment

    Thanks blu for the explanation. It was just my random curiosity and want to know more about it. I want to use it in my lab in order or learn more. Could you please give me step by step procedure to add priv in a user's account.

    What are the list of priv, and there associated command ? Many Thanks! :-)

    Author Closing Comment

    Thansk blu :-)

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Join & Write a Comment

    Suggested Solutions

    Title # Comments Views Activity
    tar syntax help 5 134
    Compare two different files 3 56
    Host issue and need to move VM's 2 185
    Convert OverPunch 25 48
    Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. Please see for the updated article. It is avail…
    A metadevice consists of one or more devices (slices). It can be expanded by adding slices. Then, it can be grown to fill a larger space while the file system is in use. However, not all UNIX file systems (UFS) can be expanded this way. The conca…
    Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
    Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now