The Authorization Attributes Database (auth_attr)
The /etc/security/auth_attr file is used to define authorizations (rights to use restricted functions) that can be granted on an individual user account basis. These authorizations can then be referenced in the user_attr file to assign them to roles or directly to user accounts. Table 12.4 lists the colon-delimited fields of the auth_attr file.
Table 12.4  Fields of the Authorization Attributes Database

Field               Use
Name                The name of the authorization consisting of one or more keywords separated by periods (.) that identify a system, subsystem, and function. If the name ends with a period, this entry is a title that describes a group of related authorizations.
Res1                Reserved for future use (empty field).
Res2                Reserved for future use (empty field).
Short Description   A short description of authorization.
Long Description    A long description of the authorization.
Attributes          List of zero or more "key=value" pairs separated by semicolons that describe the authorization. The only valid key currently is help, which is used to define the help file associated with the authorization.
The following listing shows three entries from the /etc/security/auth_attr file:

solaris.grant:::Grant All Rights::help=PriAdmin.html
solaris.audit.:::Audit Management::help=AuditHeader.html
solaris.audit.config:::Configure Auditing::help=AuditConfig.html

The first entry defines the solaris.grant authorization. The Short Title field identifies this authorization as Grant All Rights. The Attributes field identifies the help file (located in the /usr/lib/help/auths/locale/C directory).

The second entry defines the Short Title field for the audit management set of authorizations. (Note the period (.) at the end of the Name field.) The third entry defines the solaris.audit.config authorization, which allows system auditing to be configured (the help file is defined as AuditConfig.html).
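
The field layout in Table 12.4 can be checked mechanically. The following is an added example, not part of the original text: a small Python parser that splits entries into the six fields, flags non-empty reserved fields and attribute keys other than help, and marks title entries (names ending in a period). The function names, the last two sample lines (constructed), and the treatment of lines starting with # as comments are assumptions.

```python
FIELDS = ("name", "res1", "res2", "short_desc", "long_desc", "attrs")
VALID_KEYS = {"help"}  # the only valid attribute key according to Table 12.4

# First three lines are the entries from the listing; the last two are
# constructed here to show what a malformed entry looks like to the checker.
SAMPLE = """\
solaris.grant:::Grant All Rights::help=PriAdmin.html
solaris.audit.:::Audit Management::help=AuditHeader.html
solaris.audit.config:::Configure Auditing::help=AuditConfig.html
example.bad.reserved:x::Constructed entry::help=Bad.html
example.bad.key:::Constructed entry::helpfile=Bad.html
"""

def parse_entry(line):
    """Split one entry into its six fields; return (entry, problems)."""
    parts = line.split(":")
    if len(parts) != len(FIELDS):
        return None, [f"expected 6 fields, found {len(parts)}"]
    entry = dict(zip(FIELDS, parts))
    problems = []
    if entry["res1"] or entry["res2"]:
        problems.append("reserved field is not empty")
    entry["is_title"] = entry["name"].endswith(".")  # title for a group
    keywords = entry["name"][:-1] if entry["is_title"] else entry["name"]
    if not all(keywords.split(".")):
        problems.append("empty keyword in name")
    attrs = {}
    for pair in filter(None, entry["attrs"].split(";")):
        key, sep, value = pair.partition("=")
        if not sep or key not in VALID_KEYS:
            problems.append(f"invalid attribute {pair!r}")
        attrs[key] = value
    entry["attrs"] = attrs
    return entry, problems

def check(text):
    """Return (entries, findings) for a whole auth_attr-style text."""
    entries, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' marks a comment
            continue
        entry, problems = parse_entry(line)
        if entry:
            entries.append(entry)
        findings += [(lineno, p) for p in problems]
    return entries, findings

if __name__ == "__main__":
    for lineno, problem in check(SAMPLE)[1]:
        print(f"line {lineno}: {problem}")
```
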

Table 12.5 lists the default authorizations defined by the auth_attr file.