Information Technology Reference
In-Depth Information
Table 12.7
Default RBAC Execution Attributes (continued)
Profile Name Command
Attributes
Software Installation
/usr/bin/pkginfo
uid=0
Software Installation
/usr/sbin/pkgadd
uid=0;gid=bin
Software Installation
/usr/sbin/pkgmv
uid=0;gid=bin
Software Installation
/usr/ccs/bin/make
euid=0
Software Installation
/usr/sbin/pkgchk
uid=0
Software Installation
/usr/bin/admintool
uid=0;gid=bin
Software Installation
/usr/sbin/pkgask
uid=0
Software Installation
/usr/bin/pkgproto
uid=0
Software Installation
/usr/bin/ln
euid=0
User Management
/usr/sbin/grpck
euid=0
User Management
/usr/sbin/pwck
euid=0
User Management
/etc/init.d/utmpd
uid=0;gid=sys
User Security
/usr/bin/passwd
euid=0
User Security
/usr/sbin/pwck
euid=0
User Security
/usr/sbin/pwconv
euid=0
Be familiar with the formats of all four RBAC database files and the purpose of each
of the fields.
Security Policy Configuration File
(policy.conf)
The /etc/security/policy.conf file specifies the authorizations and pro-
files that are granted to all users. This consists of entries that take the form
key=value where key is either AUTHS_GRANTED or PROFS_GRANTED , and value
is one or more comma-separated authorizations (for AUTHS_GRANTED ) or pro-
files ( PROFS_GRANTED ). The default contents of the policy.conf file are
shown in the following listing:
AUTHS_GRANTED=solaris.device.cdrw
PROFS_GRANTED=Basic Solaris User
The solaris.device.cdrw authorization allows read/write access to CD
drives, whereas the Basic Solaris User profile allows a wide variety of priv-
ileges, as listed in Table 12.3.
Search WWH ::




Custom Search