Determining the privileges required for a command
Some commands require special privileges to perform privileged operations. Privileges are used in the kernel to bypass security restrictions.
You can use the tracepriv command to profile a
command to determine the privileges that are required for the command to run
successfully. The tracepriv command records the privileges
that are used by another command when the command is run. The command should
be run with the PV_ROOT privilege so that any attempts to use privileges
will succeed. When the command completes, the set of privileges that have
been used are sent to stdout.
- To profile a given command, run the following command:
tracepriv –ef command_name