Privileges

Processes in the operating system run with a set of kernel privileges that control the special rights a process has for certain restricted system actions. If the daemon must take an action that requires one of those privileges, that account must be set up properly so that those privileges are applied to the daemon process. Refer to ``Changing system privileges'' for more information on kernel privileges. If a daemon executes other SUID programs, it must have the execsuid privilege. If the process creates files with the SUID bit, it must have the chmodsugid privilege. If it uses chown to alter ownership of files, it must have the chown privilege. Processes that are not installed with the TCB should not run with any of the audit privileges. Other privileges are for special situations, and should not be allowed to non-TCB daemons.