By Brian Leonard on May 11, 2010
I noticed my Apache web server had one process that ran as root, which then forked other processes as user webservd. The reason is that Apache needs to bind to port 80, which traditionally requires root privileges. To improve upon this all-or-nothing security model, Solaris 10 introduced the concept of fine-grained privileges, and in OpenSolaris there are now 75 of them.
What this means is that I can now give a process, which has traditionally run with root privileges, just the privileges it needs to get its job done - a concept known as least privilege. The trick, of course, is figuring out which privileges a process needs.
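One way to approach that last question, as an added example that is not from the original post: Solaris privilege debugging (`ppriv -D`) reports each privilege a process was denied, and the script below reduces such messages to the distinct set for one program. The log lines are constructed samples in that message style, and the function name `missing_privs` is hypothetical.

```shell
#!/bin/sh
# Constructed sample in the style of Solaris privilege-debugging messages.
# PIDs, euid, syscall numbers and kernel symbols are made up for illustration.
SAMPLE_LOG='httpd[2101]: missing privilege "net_privaddr" (euid = 80, syscall = 232) needed at tcp_bind+0x1a4
httpd[2107]: missing privilege "net_privaddr" (euid = 80, syscall = 232) needed at tcp_bind+0x1a4
httpd[2107]: missing privilege "file_dac_read" (euid = 80, syscall = 225) needed at ufs_iaccess+0xd2
cat[2150]: missing privilege "file_dac_search" (euid = 80, syscall = 225) needed at ufs_iaccess+0xd2
httpd: could not bind to address 0.0.0.0:80'

# missing_privs PROGRAM
# Reads debug lines on stdin and prints the distinct privileges PROGRAM was
# denied, as one sorted, comma-separated list (empty if none were logged).
missing_privs() {
    awk -v prog="$1" '
        # Accept only "<prog>[<pid>]: missing privilege ..." lines, so that
        # other programs and ordinary error output are ignored.
        index($0, prog "[") == 1 && /: missing privilege "/ {
            split($0, parts, "\"")   # parts[2] is the quoted privilege name
            if (parts[2] != "") print parts[2]
        }' | sort -u | paste -s -d, -
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | missing_privs httpd
```

The resulting list is the starting point for a least-privilege grant: each entry is a privilege the process asked for while running without root, so each one should be justified before it is added.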