Processes in the operating system run with a set of kernel privileges
that control the special rights a process has for certain restricted
system actions. If the daemon must take an action that requires one of
those privileges, the account the daemon runs under must be set up
properly so that those privileges are applied to the daemon process.
Refer to "Changing system privileges" for more information on kernel
privileges.
If a daemon executes other SUID programs, it must have the
If the process creates files with the SUID bit, it must
have the chmodsugid privilege. If it uses
to alter ownership of files, it must have the chown privilege.
Processes that are not installed with the TCB should not run with any
of the audit privileges. Other privileges are for special situations
and should not be granted to non-TCB daemons.