Daemon or Service Triggered Process is Assigned to the no_priv Process Set
Article: TECH203519 | Created: 2013-03-05 | Updated: 2013-03-05 | Article URL: http://www.symantec.com/docs/TECH203519
A process run under a Service or Daemon is assigned to the int_no_priv process set, even though the process was supposedly triggered by a Service or Daemon (not interactively). The policy has been modified to allow Services or Daemons to run the process under the "Allow services to run these programs if using specific arguments" option.
The process that is triggered by the Daemon/Service is blocked from executing (assigned to a no_priv process set).
This can occur on Windows or *nix-based machines.
This can happen when the parent process ends before the child process. When this occurs, the child process inherits its grandparent's process rights. If the policy is not properly configured for this case, there is no match, and the process can be assigned to the no_priv process set. In some cases you can even see the child process jump from a service process set to an interactive no_priv process set.
Either create a "custom interactive process set" for the grandparent that allows the child to execute, or add a wrapper to the parent process/application to keep the parent process running until all child processes have ended. This can be done by having a script start the parent process with a "wait" feature that will not stop the parent process until all its children have ended.
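One way to write such a wrapper on a *nix machine, as an added example that is not part of the original article or Symantec's own code: a shell function that starts the program and does not return until the program and every process it spawned have ended. The function name `run_and_wait_all` is hypothetical, and the approach assumes the spawned processes keep the file descriptors they inherit.

```shell
#!/bin/sh
# Added example: wrapper that stays alive until the wrapped program AND
# every process it spawned have ended, then returns the program's status.
#
# How it works: the program is started with fd 9 attached to the write end
# of a pipe. Every descendant inherits fd 9, so the command substitution
# reading that pipe only sees EOF once the last descendant has exited.
# Assumption: descendants do not close inherited descriptors (a program
# that fully daemonizes itself will escape this wait).
#
# Call it from the service start script with the real program in place of
# the placeholder:  run_and_wait_all /path/to/parent_app --its-args
run_and_wait_all() {
    if [ "$#" -eq 0 ]; then
        echo "usage: run_and_wait_all program [args...]" >&2
        return 2
    fi
    {
        _rw_out=$(
            _rw_status=0
            # fd 9 = pipe (kept open by descendants), fd 1 = caller's stdout
            "$@" 9>&1 1>&8 8>&- || _rw_status=$?
            # Reached as soon as the program itself exits; the enclosing
            # $( ) still blocks until every remaining holder of fd 9 is gone.
            echo "$_rw_status"
        )
    } 8>&1
    case $_rw_out in
        ''|*[!0-9]*) return 1 ;;   # status line missing or corrupted
    esac
    return "$_rw_out"
}
```

A plain `wait` in the wrapper would not be enough here, because it only covers the wrapper's direct children and returns as soon as the parent program exits.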