{"id":6390,"date":"2024-05-30T17:50:08","date_gmt":"2024-05-30T14:50:08","guid":{"rendered":"https:\/\/skeletor.org.ua\/?p=6390"},"modified":"2024-05-30T17:50:08","modified_gmt":"2024-05-30T14:50:08","slug":"solaris-debug-service-privileges","status":"publish","type":"post","link":"https:\/\/skeletor.org.ua\/?p=6390","title":{"rendered":"[Solaris] Debug service privileges"},"content":{"rendered":"\n<p>\u0412 \u0434\u0430\u043d\u0456\u0439 \u0441\u0442\u0430\u0442\u0442\u0456 \u043c\u043e\u0432\u0430 \u0439\u0442\u0438\u043c\u0435 \u0441\u0430\u043c\u0435 \u043f\u0440\u043e \u043d\u0435\u043e\u0431\u0445\u0456\u0434\u043d\u0456 <strong>privileges<\/strong> \u043f\u0440\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0443 \u0441\u0435\u0440\u0432\u0456\u0441\u0456\u0432. \u0414\u043b\u044f \u0437\u0432\u0438\u0447\u0430\u0439\u043d\u043e\u0433\u043e \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043c\u043e\u0436\u043d\u0430 \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u0430\u0442\u0438 <a href=\"https:\/\/skeletor.org.ua\/?p=4101\" data-type=\"link\" data-id=\"https:\/\/skeletor.org.ua\/?p=4101\">ppriv<\/a> .<\/p>\n\n\n\n<p>\u041e\u0442\u0436\u0435, \u043c\u0430\u0454\u043c\u043e \u0441\u0435\u0440\u0432\u0456\u0441, \u044f\u043a\u0438\u0439 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0454\u0442\u044c\u0441\u044f, \u0430\u043b\u0435 \u0432 \u043b\u043e\u0433\u0430\u0445 \u0441\u043a\u0430\u0440\u0436\u0438\u0442\u044c\u0441\u044f \u043d\u0430 <strong>permission denied<\/strong>. \u0417\u0440\u043e\u0437\u0443\u043c\u0456\u043b\u043e, \u0449\u043e \u0439\u043e\u043c\u0443 \u0447\u043e\u0433\u043e\u0441\u044c \u043d\u0435 \u0432\u0438\u0441\u0442\u0430\u0447\u0430\u0454, \u0430\u043b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0443\u0441\u043a\u043b\u0430\u0434\u043d\u044e\u0454\u0442\u044c\u0441\u044f \u0442\u0438\u043c, \u0449\u043e \u0446\u0435 <strong>fork<\/strong> \u0432\u0456\u0434 \u043c\u0430\u0441\u0442\u0435\u0440-\u043f\u0440\u043e\u0446\u0435\u0441\u0443 \u0456 \u0432\u0456\u043d \u0432\u0438\u043a\u043b\u0438\u043a\u0430\u0454\u0442\u044c\u0441\u044f \u043f\u043e \u0437\u0430\u043f\u0438\u0442\u0443. \u0422\u043e\u0431\u0442\u043e, \u043f\u0440\u043e\u0441\u0442\u043e \u0442\u0430\u043a \u043d\u0430\u0442\u0440\u0430\u0432\u0438\u0442\u0438 ppriv \u043d\u0435 \u043c\u043e\u0436\u043d\u0430.<\/p>\n\n\n<p><!--more--><\/p>\n\n\n<p>\u0412\u0438\u0445\u0456\u0434 \u0437\u02bc\u044f\u0432\u0438\u0432\u0441\u044f \u0443 <strong>SRU 11.4.39<\/strong>:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Privilege error debugging capabilities for SMF services<br>We added a service method property to SMF to enable privilege debugging for service methods, and processes or daemons started by those methods.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>   priv_debug\n\n       An  optional  boolean that specifies whether this service runs with\n       the PPRIV_DEBUG process flag. Setting  this  true  will  result  in\n       details  of  any  file access errors or missing required privileges\n       being printed to the system  messages  file.  These  messages  will\n       describe  the  missing privilege and for file access, name the file\n       to which access was denied.<\/code><\/pre>\n<\/blockquote>\n\n\n\n<p><code>svccfg -s postfix setprop start\/priv_debug=false;svcadm refresh postfix;svcadm restart postfix<\/code><\/p>\n\n\n\n<p>\u0406 \u0432 \u043b\u043e\u0433\u0430\u0445 \u0441\u0435\u0440\u0432\u0456\u0441\u0443 \u043f\u043e\u0431\u0430\u0447\u0438\u043c\u043e \u0442\u0430\u043a\u0435:<\/p>\n\n\n\n<p><code>dovecot-lda[18256]: missing privilege \"ALL\" (euid = 60001, syscall = \"setuid\") at setuid+0xde<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u0412 \u0434\u0430\u043d\u0456\u0439 \u0441\u0442\u0430\u0442\u0442\u0456 \u043c\u043e\u0432\u0430 \u0439\u0442\u0438\u043c\u0435 \u0441\u0430\u043c\u0435 \u043f\u0440\u043e \u043d\u0435\u043e\u0431\u0445\u0456\u0434\u043d\u0456 privileges \u043f\u0440\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0443 \u0441\u0435\u0440\u0432\u0456\u0441\u0456\u0432. \u0414\u043b\u044f \u0437\u0432\u0438\u0447\u0430\u0439\u043d\u043e\u0433\u043e \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043c\u043e\u0436\u043d\u0430 \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u0430\u0442\u0438 ppriv . \u041e\u0442\u0436\u0435, \u043c\u0430\u0454\u043c\u043e \u0441\u0435\u0440\u0432\u0456\u0441, \u044f\u043a\u0438\u0439 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0454\u0442\u044c\u0441\u044f, \u0430\u043b\u0435 \u0432 \u043b\u043e\u0433\u0430\u0445 \u0441\u043a\u0430\u0440\u0436\u0438\u0442\u044c\u0441\u044f \u043d\u0430 permission denied. \u0417\u0440\u043e\u0437\u0443\u043c\u0456\u043b\u043e, \u0449\u043e \u0439\u043e\u043c\u0443 \u0447\u043e\u0433\u043e\u0441\u044c \u043d\u0435 \u0432\u0438\u0441\u0442\u0430\u0447\u0430\u0454, \u0430\u043b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0443\u0441\u043a\u043b\u0430\u0434\u043d\u044e\u0454\u0442\u044c\u0441\u044f \u0442\u0438\u043c, \u0449\u043e \u0446\u0435 fork \u0432\u0456\u0434 \u043c\u0430\u0441\u0442\u0435\u0440-\u043f\u0440\u043e\u0446\u0435\u0441\u0443 \u0456 \u0432\u0456\u043d \u0432\u0438\u043a\u043b\u0438\u043a\u0430\u0454\u0442\u044c\u0441\u044f \u043f\u043e \u0437\u0430\u043f\u0438\u0442\u0443. \u0422\u043e\u0431\u0442\u043e, \u043f\u0440\u043e\u0441\u0442\u043e \u0442\u0430\u043a \u043d\u0430\u0442\u0440\u0430\u0432\u0438\u0442\u0438 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10,24],"tags":[],"class_list":["post-6390","post","type-post","status-publish","format-standard","hentry","category-others","category-solaris"],"_links":{"self":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/6390","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6390"}],"version-history":[{"count":1,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/6390\/revisions"}],"predecessor-version":[{"id":6394,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/6390\/revisions\/6394"}],"wp:attachment":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6390"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6390"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6390"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}