System Administration Guide: Virtualization Using the Solaris Operating System
Previous Next

Using the ppriv Utility

Use the ppriv utility to display the zone's privileges.

How to List Solaris Privileges in the Global Zone

Use the ppriv utility with the -l option to list the privileges available on the system.

  • At the prompt, type ppriv -l zone to report the set of privileges available in the zone.
    global# ppriv -l zone

    You will see a display similar to this:

    contract_event
    contract_observer
    cpc_cpu
    .
    .
    .

How to List the Non-Global Zone's Privilege Set

Use the ppriv utility with the -l option and the expression zone to list the zone's privileges.

  1. Log into the non-global zone. This example uses a zone named my-zone.
  2. At the prompt, type ppriv -l zone to report the set of privileges available in the zone.
    my-zone# ppriv -l zone

    You will see a display similar to this:

    contract_event
    contract_observer
    file_chown
    
    .
    .
    .

How to List a Non-Global Zone's Privilege Set With Verbose Output

Use the ppriv utility with the -l option, the expression zone, and the -v option to list the zone's privileges.

  1. Log into the non-global zone. This example uses a zone named my-zone.
  2. At the prompt, type ppriv -l -v zone to report the set of privileges available in the zone, with a description of each privilege.
    my-zone# ppriv -lv zone

    You will see a display similar to this:

    contract_event
            Allows a process to request critical events without limitation.
            Allows a process to request reliable delivery of all events on
            any event queue.
    contract_observer
            Allows a process to observe contract events generated by
            contracts created and owned by users other than the process's
            effective user ID.
            Allows a process to open contract event endpoints belonging to
            contracts created and owned by users other than the process's
            effective user ID.
    file_chown
            Allows a process to change a file's owner user ID.
            Allows a process to change a file's group ID to one other than
            the process' effective group ID or one of the process'
            supplemental group IDs.
    .
    .
    .
Previous Next