Information Technology Reference
In-Depth Information
Table 12.7
Default RBAC Execution Attributes
(continued)
Profile Name Command
Attributes
Software Installation
/usr/bin/pkginfo
uid=0
Software Installation
/usr/sbin/pkgadd
uid=0;gid=bin
Software Installation
/usr/sbin/pkgmv
uid=0;gid=bin
Software Installation
/usr/ccs/bin/make
euid=0
Software Installation
/usr/sbin/pkgchk
uid=0
Software Installation
/usr/bin/admintool
uid=0;gid=bin
Software Installation
/usr/sbin/pkgask
uid=0
Software Installation
/usr/bin/pkgproto
uid=0
Software Installation
/usr/bin/ln
euid=0
User Management
/usr/sbin/grpck
euid=0
User Management
/usr/sbin/pwck
euid=0
User Management
/etc/init.d/utmpd
uid=0;gid=sys
User Security
/usr/bin/passwd
euid=0
User Security
/usr/sbin/pwck
euid=0
User Security
/usr/sbin/pwconv
euid=0
Be familiar with the formats of all four RBAC database files and the purpose of each
of the fields.
Security Policy Configuration File
(policy.conf)
The
/etc/security/policy.conf
file specifies the authorizations and pro-
files that are granted to all users. This consists of entries that take the form
key=value
where
key
is either
AUTHS_GRANTED
or
PROFS_GRANTED
, and
value
is one or more comma-separated authorizations (for
AUTHS_GRANTED
) or pro-
files (
PROFS_GRANTED
). The default contents of the
policy.conf
file are
shown in the following listing:
AUTHS_GRANTED=solaris.device.cdrw
PROFS_GRANTED=Basic Solaris User
The
solaris.device.cdrw
authorization allows read/write access to CD
drives, whereas the
Basic Solaris User
profile allows a wide variety of priv-
ileges, as listed in Table 12.3.