The management of administrative privileges in Oracle Solaris
Oracle Solaris presents an interesting approach for distributing root privileges to Solaris users. Their approach has been stable since it was defined in 2003. The approach adopted the RBAC model for defining roles that Solaris users can assume. Solaris considers the root account as a role that users can take. In Solaris, roles are user accounts that cannot log in; thus, each role has an associated password that can be shared by a group of users that share the same role. From the kernel point of view, Solaris defines four sets of privileges for each process: Effective set, permitted set, Inheritable set, and Limit set. Effective and permitted sets are handled in the same manner as Linux. However, Inheritable and Limit sets are calculated differently during exec() call. In particular, Solaris authorizes the inheritance of privileges after an exec() call, even when the executable doesn’t have privileges stored in its binary. More interestingly, instead of storing p...