tracepriv Command

Purpose

Traces the privileges that a command needs for a successful run.

Syntax

tracepriv [ -d ] [ -e ] [ -f ] [ -o outputfile ] Command [ args ]

Description

The tracepriv command records the privileges that a command attempts to use when the command is run. The tracepriv command is used for command investigation when entries are added to the privileged command database. The tracepriv command runs the command specified by the Command parameter with the arguments specified by the args parameter. Generally, run the tracepriv command with the PV_ROOT privilege so that any attempt to use a privilege succeeds. In this case, the tracepriv command can keep track of all of the privileges that the Command needs for a successful run without the PV_ROOT privilege. After the Command is run or when an exec subroutine within the command occurs, the list of used privileges is written to standard output (stdout).

Flags

Item Description
-d Displays the output of the truss command with the privileges that are required by the command.
-e Follows the exec subroutine. If the command specified by the Command parameter runs an exec subroutine, the tracepriv command reports the privileges needed so far (and sets them if the -a flag is used), and then proceeds with recording (and setting) the privileges associated with the new executable file. If the file run by the exec subroutine has its setuid bit set and is not owned by root, the tracepriv command cannot properly trace the privilege use of the file.
-f Follows the fork subroutine. If the controlled process calls the fork subroutine, the tracepriv command also reports the privileges used by the new child process.
-o Writes the output to the specified file instead of the standard output (stdout).

Parameters

Item Description
args Specifies the arguments.
Command Specifies the command.
outputfile Specifies the file to record the output.
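
The following is an added example, not part of the original page or of AIX: a shell helper that reduces a file written with the -o flag to one de-duplicated privilege list per executable, merging the separate reports produced with -e and -f, for review before an entry is added to the privileged command database. The report layout it parses (a "Used privileges for <path>:" header followed by PV_ names), the function names and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Summarise a tracepriv output file: one line per executable with the
# sorted, de-duplicated privileges it used.
# On AIX the input would come from: tracepriv -e -f -o outputfile Command args
# ASSUMPTION: each report starts with "<pid>: Used privileges for <path>:"
# and lists PV_* names on the lines that follow. Adjust the patterns if
# the layout on the system differs.
summarize_privs() {
    awk '
        /Used privileges for / {
            cmd = $0
            sub(/^.*Used privileges for /, "", cmd)   # keep only the path
            sub(/:[ \t]*$/, "", cmd)
            next
        }
        cmd != "" {
            for (i = 1; i <= NF; i++) {
                p = $i
                gsub(/[^A-Z0-9_]/, "", p)             # strip commas and similar
                if (p ~ /^PV_[A-Z0-9_]+$/) print cmd, p
            }
        }
    ' "$1" | LC_ALL=C sort -u | awk '
        $1 != last {
            if (last != "") print last " " list
            last = $1; list = $2; next
        }
        { list = list "," $2 }
        END { if (last != "") print last " " list }
    '
}

# Constructed sample (not real tracepriv output): a parent, a forked
# child of the same executable, and an exec of a second executable.
write_sample() {
    cat > "$1" <<'EOF'
1234: Used privileges for /usr/sbin/mount:
  PV_FS_MOUNT PV_DAC_R
5678: Used privileges for /usr/sbin/mount:
  PV_DAC_R
  PV_DAC_X
9012: Used privileges for /usr/bin/cat:
  PV_DAC_R
EOF
}

# Stand-alone use: sh script.sh outputfile
if [ $# -gt 0 ]; then summarize_privs "$1"; fi
```

Each output line gives an executable path followed by the comma-separated privileges observed for it across all of its traced processes.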