System Administration Guide
Chapter 1, Administering user accounts

System privileges and authorizations

System privileges and authorizations

If you are operating with the High and Improved security profiles, you must assign certain system privileges when you assign subsystem authorizations. Although most of these are already assigned by default, they are listed in Table 1-5, ``Subsystem privilege requirements'' in case you modify the defaults. One exception is the audit subsystem, which requires the addition of the configaudit and suspendaudit privileges. These privileges should never be assigned by default, or to ordinary users.

NOTE: Under the Low and Traditional security profiles, most privileges are already assigned by default.

Table 1-5 Subsystem privilege requirements

 Subsystem              Privilege required
 audit                  configaudit, execsuid, writeaudit
 auth                   execsuid, chown
 backup                 execsuid
 lp                     chown
 cron                   chmodsugid, chown, execsuid
 sysadmin               chmodsugid, chown, execsuid