1# 2# Copyright 2005 Sun Microsystems, Inc. All rights reserved. 3# Use is subject to license terms. 4# 5# CDDL HEADER START 6# 7# The contents of this file are subject to the terms of the 8# Common Development and Distribution License, Version 1.0 only 9# (the "License"). You may not use this file except in compliance 10# with the License. 11# 12# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 13# or http://www.opensolaris.org/os/licensing. 14# See the License for the specific language governing permissions 15# and limitations under the License. 16# 17# When distributing Covered Code, include this CDDL HEADER in each 18# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 19# If applicable, add the following below this CDDL HEADER, with the 20# fields enclosed by brackets "[]" replaced with your own identifying 21# information: Portions Copyright [yyyy] [name of copyright owner] 22# 23# CDDL HEADER END 24# 25# /etc/security/exec_attr 26# 27# execution attributes for profiles. see exec_attr(4) 28# 29#ident "%Z%%M% %I% %E% SMI" 30# 31# 32All:suser:cmd:::*: 33Audit Control:suser:cmd:::/etc/security/bsmconv:uid=0 34Audit Control:suser:cmd:::/etc/security/bsmunconv:uid=0 35Audit Control:suser:cmd:::/usr/sbin/audit:euid=0 36Audit Control:suser:cmd:::/usr/sbin/auditconfig:euid=0 37Audit Control:suser:cmd:::/usr/sbin/auditd:uid=0 38Audit Review:suser:cmd:::/usr/sbin/auditreduce:euid=0 39Audit Review:suser:cmd:::/usr/sbin/auditstat:euid=0 40Audit Review:suser:cmd:::/usr/sbin/praudit:euid=0 41Contract Observer:solaris:cmd:::/usr/bin/ctwatch:\ 42 privs=contract_event,contract_observer 43Cron Management:suser:cmd:::/usr/bin/crontab:euid=0 44Crypto Management:suser:cmd:::/usr/sbin/cryptoadm:euid=0 45Crypto Management:suser:cmd:::/usr/sfw/bin/openssl:euid=0 46Crypto Management:suser:cmd:::/usr/sfw/bin/CA.pl:euid=0 47DHCP Management:suser:cmd:::/usr/lib/inet/dhcp/svcadm/dhcpconfig:uid=0 48DHCP Management:suser:cmd:::/usr/lib/inet/dhcp/svcadm/dhtadm:uid=0 49DHCP Management:suser:cmd:::/usr/lib/inet/dhcp/svcadm/pntadm:uid=0 50Device Management:suser:cmd:::/usr/sbin/allocate:uid=0 51Device Management:suser:cmd:::/usr/sbin/add_drv:uid=0 52Device Management:suser:cmd:::/usr/sbin/deallocate:uid=0 53Device Management:suser:cmd:::/usr/sbin/rem_drv:uid=0 54Device Management:suser:cmd:::/usr/sbin/update_drv:uid=0 55Device Security:suser:cmd:::/usr/sbin/add_drv:uid=0 56Device Security:suser:cmd:::/usr/sbin/devfsadm:uid=0 57Device Security:suser:cmd:::/usr/sbin/eeprom:uid=0 58Device Security:solaris:cmd:::/usr/bin/kbd:uid=0;gid=sys 59Device Security:suser:cmd:::/usr/sbin/list_devices:euid=0 60Device Security:suser:cmd:::/usr/sbin/rem_drv:uid=0 61Device Security:suser:cmd:::/usr/sbin/strace:euid=0 62Device Security:suser:cmd:::/usr/sbin/update_drv:uid=0 63FTP Management:suser:cmd:::/usr/sbin/ftpaddhost:uid=0 64FTP Management:suser:cmd:::/usr/sbin/ftpconfig:uid=0 65FTP Management:suser:cmd:::/usr/sbin/ftprestart:euid=0 66FTP Management:suser:cmd:::/usr/sbin/ftpshut:euid=0;egid=sys 67FTP Management:suser:cmd:::/usr/sbin/privatepw:uid=0;egid=sys 68File System Management:solaris:cmd:::/sbin/mount:privs=sys_mount 69File System Management:solaris:cmd:::/sbin/umount:privs=sys_mount 70File System Management:suser:cmd:::/usr/bin/eject:euid=0 71File System Management:suser:cmd:::/usr/bin/mkdir:euid=0 72File System Management:suser:cmd:::/usr/bin/rmdir:euid=0 73File System Management:suser:cmd:::/usr/lib/autofs/automountd:euid=0 74File System Management:suser:cmd:::/usr/lib/fs/autofs/automount:euid=0 75File System Management:suser:cmd:::/usr/lib/fs/nfs/showmount:euid=0 76File System Management:suser:cmd:::/usr/lib/fs/ufs/fsirand:euid=0 77File System Management:suser:cmd:::/usr/lib/fs/ufs/newfs:euid=0 78File System Management:suser:cmd:::/usr/lib/fs/ufs/tunefs:uid=0 79File System Management:suser:cmd:::/usr/sbin/clri:euid=0 80File System Management:suser:cmd:::/usr/sbin/devinfo:euid=0 81File System Management:suser:cmd:::/usr/sbin/dfmounts:euid=0 82File System Management:suser:cmd:::/usr/sbin/dfshares:euid=0 83File System Management:suser:cmd:::/usr/sbin/ff:euid=0 84File System Management:suser:cmd:::/usr/sbin/format:euid=0 85File System Management:suser:cmd:::/usr/sbin/fsck:euid=0 86File System Management:suser:cmd:::/usr/sbin/fsdb:euid=0 87File System Management:suser:cmd:::/usr/sbin/fstyp:euid=0 88File System Management:suser:cmd:::/usr/sbin/fuser:euid=0 89File System Management:suser:cmd:::/usr/sbin/mkfile:euid=0 90File System Management:suser:cmd:::/usr/sbin/mkfs:euid=0 91File System Management:suser:cmd:::/usr/sbin/mount:uid=0 92File System Management:suser:cmd:::/usr/sbin/mountall:uid=0 93File System Management:solaris:cmd:::/usr/sbin/quotacheck:uid=0;gid=sys 94File System Management:solaris:cmd:::/usr/sbin/quotaoff:uid=0;gid=sys 95File System Management:solaris:cmd:::/usr/sbin/quotaon:uid=0;gid=sys 96File System Management:suser:cmd:::/usr/sbin/ramdiskadm:euid=0 97File System Management:suser:cmd:::/usr/sbin/share:uid=0;gid=root 98File System Management:suser:cmd:::/usr/sbin/shareall:uid=0;gid=root 99File System Management:suser:cmd:::/usr/sbin/swap:euid=0 100File System Management:suser:cmd:::/usr/sbin/umount:uid=0 101File System Management:suser:cmd:::/usr/sbin/umountall:uid=0 102File System Management:suser:cmd:::/usr/sbin/unshare:uid=0;gid=root 103File System Management:suser:cmd:::/usr/sbin/unshareall:uid=0;gid=root 104IP Filter Management:solaris:cmd:::/usr/sbin/ipf:privs=sys_net_config 105IP Filter Management:solaris:cmd:::/usr/sbin/ipfs:privs=sys_net_config 106IP Filter Management:solaris:cmd:::/usr/sbin/ipmon:privs=sys_net_config 107IP Filter Management:solaris:cmd:::/usr/sbin/ipfstat:privs=sys_net_config;gid=sys 108IP Filter Management:solaris:cmd:::/usr/sbin/ipnat:privs=sys_net_config;gid=sys 109IP Filter Management:solaris:cmd:::/usr/sbin/ippool:privs=sys_net_config;gid=sys 110IP Filter Management:solaris:cmd:::/usr/sbin/pfild:uid=0 111Kerberos Server Management:solaris:cmd:::/usr/lib/krb5/krb5kdc:uid=0 112Kerberos Server Management:solaris:cmd:::/usr/lib/krb5/kadmind:uid=0 113Kerberos Server Management:solaris:cmd:::/usr/lib/krb5/kprop:euid=0;privs=none 114Kerberos Server Management:solaris:cmd:::/usr/sbin/kadmin.local:euid=0;privs=none 115Kerberos Server Management:solaris:cmd:::/usr/sbin/kdb5_util:euid=0;privs=none 116Kerberos Client Management:solaris:cmd:::/usr/bin/klist:euid=0;privs=file_dac_read 117Kerberos Client Management:solaris:cmd:::/usr/sbin/kadmin:euid=0;privs=none 118Kerberos Client Management:solaris:cmd:::/usr/sbin/kclient:euid=0;privs=none 119Log Management:suser:cmd:::/usr/sbin/logadm:euid=0 120Mail Management:suser:cmd:::/usr/lib/sendmail:uid=0 121Mail Management:suser:cmd:::/usr/sbin/editmap:euid=0 122Mail Management:suser:cmd:::/usr/sbin/makemap:euid=0 123Mail Management:suser:cmd:::/usr/sbin/newaliases:euid=0 124Maintenance and Repair:solaris:cmd:::/usr/bin/mdb:privs=all 125Maintenance and Repair:suser:cmd:::/usr/bin/mdb:euid=0 126Maintenance and Repair:solaris:cmd:::/usr/bin/coreadm:euid=0;\ 127 privs=sys_config,proc_owner 128Maintenance and Repair:suser:cmd:::/usr/bin/date:euid=0 129Maintenance and Repair:suser:cmd:::/usr/bin/ldd:euid=0 130Maintenance and Repair:suser:cmd:::/usr/bin/vmstat:euid=0 131Maintenance and Repair:suser:cmd:::/usr/sbin/eeprom:euid=0 132Maintenance and Repair:suser:cmd:::/usr/sbin/halt:euid=0 133Maintenance and Repair:suser:cmd:::/sbin/init:euid=0 134Maintenance and Repair:suser:cmd:::/usr/sbin/poweroff:uid=0 135Maintenance and Repair:suser:cmd:::/usr/sbin/prtconf:euid=0 136Maintenance and Repair:suser:cmd:::/usr/sbin/reboot:uid=0 137Maintenance and Repair:suser:cmd:::/usr/sbin/syslogd:euid=0 138Maintenance and Repair:suser:cmd:::/sbin/bootadm:euid=0 139Media Backup:suser:cmd:::/usr/bin/mt:euid=0 140Media Backup:suser:cmd:::/usr/lib/fs/ufs/ufsdump:euid=0;gid=sys 141Media Backup:suser:cmd:::/usr/sbin/tar:euid=0 142Media Restore:suser:cmd:::/usr/bin/cpio:euid=0 143Media Restore:suser:cmd:::/usr/bin/mt:euid=0 144Media Restore:suser:cmd:::/usr/lib/fs/ufs/ufsrestore:euid=0 145Media Restore:suser:cmd:::/usr/sbin/tar:euid=0 146Name Service Management:suser:cmd:::/usr/bin/nischttl:euid=0 147Name Service Management:suser:cmd:::/usr/bin/nisln:euid=0 148Name Service Management:suser:cmd:::/usr/lib/nis/nisctl:euid=0 149Name Service Management:suser:cmd:::/usr/lib/nis/nisping:euid=0 150Name Service Management:suser:cmd:::/usr/lib/nis/nisshowcache:euid=0 151Name Service Management:suser:cmd:::/usr/lib/nis/nisstat:euid=0 152Name Service Management:suser:cmd:::/usr/sbin/nscd:euid=0 153Name Service Security:suser:cmd:::/usr/bin/chkey:euid=0 154Name Service Security:suser:cmd:::/usr/bin/nisaddcred:euid=0 155Name Service Security:suser:cmd:::/usr/bin/nischgrp:euid=0 156Name Service Security:suser:cmd:::/usr/bin/nischmod:euid=0 157Name Service Security:suser:cmd:::/usr/bin/nischown:euid=0 158Name Service Security:suser:cmd:::/usr/bin/nisgrpadm:euid=0 159Name Service Security:suser:cmd:::/usr/bin/nismkdir:euid=0 160Name Service Security:suser:cmd:::/usr/bin/nispasswd:euid=0 161Name Service Security:suser:cmd:::/usr/bin/nisrm:euid=0 162Name Service Security:suser:cmd:::/usr/bin/nisrmdir:euid=0 163Name Service Security:suser:cmd:::/usr/bin/nistbladm:euid=0 164Name Service Security:suser:cmd:::/usr/lib/nis/nisaddent:euid=0 165Name Service Security:suser:cmd:::/usr/lib/nis/nisclient:uid=0 166Name Service Security:suser:cmd:::/usr/lib/nis/nispopulate:euid=0 167Name Service Security:suser:cmd:::/usr/lib/nis/nisserver:uid=0 168Name Service Security:suser:cmd:::/usr/lib/nis/nissetup:euid=0 169Name Service Security:suser:cmd:::/usr/lib/nis/nisupdkeys:euid=0 170Name Service Security:suser:cmd:::/usr/sbin/ldapclient:uid=0 171Name Service Security:suser:cmd:::/usr/sbin/newkey:euid=0 172Name Service Security:suser:cmd:::/usr/sbin/nisinit:euid=0 173Name Service Security:suser:cmd:::/usr/sbin/nislog:euid=0 174Name Service Security:suser:cmd:::/usr/sbin/rpc.nisd:uid=0;gid=0 175Network Management:solaris:cmd:::/sbin/ifconfig:uid=0 176Network Management:solaris:cmd:::/sbin/route:privs=sys_net_config 177Network Management:solaris:cmd:::/sbin/routeadm:euid=0;\ 178 privs=proc_chroot,proc_owner,sys_net_config 179Network Management:solaris:cmd:::/sbin/dladm:privs=sys_net_config 180Network Management:suser:cmd:::/usr/bin/netstat:uid=0 181Network Management:suser:cmd:::/usr/bin/rup:euid=0 182Network Management:suser:cmd:::/usr/bin/ruptime:euid=0 183Network Management:suser:cmd:::/usr/bin/setuname:euid=0 184Network Management:suser:cmd:::/usr/sbin/asppp2pppd:euid=0 185Network Management:suser:cmd:::/usr/sbin/ifconfig:uid=0 186Network Management:suser:cmd:::/usr/sbin/ipaddrsel:euid=0 187Network Management:suser:cmd:::/usr/sbin/ipqosconf:euid=0 188Network Management:suser:cmd:::/usr/sbin/rndc:privs=file_dac_read 189Network Management:suser:cmd:::/usr/sbin/route:uid=0 190Network Management:suser:cmd:::/usr/sbin/snoop:uid=0 191Network Management:suser:cmd:::/usr/sbin/spray:euid=0 192Network Security:solaris:cmd:::/usr/lib/inet/certdb:privs=sys_net_config 193Network Security:solaris:cmd:::/usr/lib/inet/certlocal:privs=sys_net_config 194Network Security:solaris:cmd:::/usr/lib/inet/certrldb:privs=sys_net_config 195Network Security:solaris:cmd:::/usr/lib/inet/in.iked:privs=sys_net_config,net_privaddr 196Network Security:solaris:cmd:::/usr/sbin/ikeadm:privs=sys_net_config 197Network Security:solaris:cmd:::/usr/sbin/ikecert:privs=sys_net_config 198Network Security:solaris:cmd:::/usr/sbin/ipsecconf:privs=sys_net_config 199Network Security:solaris:cmd:::/usr/sbin/ipseckey:privs=sys_net_config 200Network Security:solaris:cmd:::/usr/sbin/ipsecalgs:privs=sys_net_config 201Network Security:suser:cmd:::/usr/bin/ssh-keygen:uid=0;gid=sys 202Network Security:suser:cmd:::/usr/lib/inet/certdb:euid=0 203Network Security:suser:cmd:::/usr/lib/inet/certlocal:euid=0 204Network Security:suser:cmd:::/usr/lib/inet/certrldb:euid=0 205Network Security:suser:cmd:::/usr/lib/inet/in.iked:uid=0 206Network Security:suser:cmd:::/usr/sbin/ikeadm:euid=0 207Network Security:suser:cmd:::/usr/sbin/ikecert:euid=0 208Network Security:suser:cmd:::/usr/sbin/ipsecconf:euid=0 209Network Security:suser:cmd:::/usr/sbin/ipseckey:euid=0 210Network Security:suser:cmd:::/usr/sbin/ipsecalgs:euid=0 211Object Access Management:solaris:cmd:::/usr/bin/chgrp:privs=file_chown 212Object Access Management:solaris:cmd:::/usr/bin/chmod:privs=file_owner 213Object Access Management:solaris:cmd:::/usr/bin/chown:privs=file_chown 214Object Access Management:solaris:cmd:::/usr/bin/setfacl:privs=file_owner 215Object Access Management:suser:cmd:::/usr/bin/chgrp:euid=0 216Object Access Management:suser:cmd:::/usr/bin/chmod:euid=0 217Object Access Management:suser:cmd:::/usr/bin/chown:euid=0 218Object Access Management:suser:cmd:::/usr/bin/getfacl:euid=0 219Object Access Management:suser:cmd:::/usr/bin/setfacl:euid=0 220Printer Management:suser:cmd:::/usr/bin/cancel:euid=lp;uid=lp 221Printer Management:suser:cmd:::/usr/bin/lpset:egid=14 222Printer Management:suser:cmd:::/usr/bin/lpstat:euid=0 223Printer Management:suser:cmd:::/usr/lib/lp/local/accept:uid=lp 224Printer Management:suser:cmd:::/usr/lib/lp/local/lpadmin:uid=lp;gid=8 225Printer Management:suser:cmd:::/usr/lib/lp/lpsched:uid=0 226Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp;uid=lp 227Printer Management:suser:cmd:::/usr/sbin/lpadmin:egid=14;uid=lp;gid=8 228Printer Management:suser:cmd:::/usr/sbin/lpfilter:euid=lp;uid=lp 229Printer Management:suser:cmd:::/usr/sbin/lpforms:euid=lp 230Printer Management:suser:cmd:::/usr/sbin/lpmove:euid=lp 231Printer Management:suser:cmd:::/usr/sbin/lpshut:euid=lp 232Printer Management:suser:cmd:::/usr/sbin/lpusers:euid=lp 233Printer Management:suser:cmd:::/usr/ucb/lpq:euid=0 234Printer Management:suser:cmd:::/usr/ucb/lprm:euid=0 235Process Management:solaris:cmd:::/usr/bin/kill:privs=proc_owner 236Process Management:solaris:cmd:::/usr/bin/nice:privs=proc_owner,proc_priocntl 237Process Management:solaris:cmd:::/usr/bin/pcred:privs=proc_owner 238Process Management:solaris:cmd:::/usr/bin/pfiles:privs=proc_owner 239Process Management:solaris:cmd:::/usr/bin/pflags:privs=proc_owner 240Process Management:solaris:cmd:::/usr/bin/ppriv:privs=proc_owner 241Process Management:solaris:cmd:::/usr/bin/renice:privs=proc_owner,proc_priocntl 242Process Management:suser:cmd:::/usr/bin/crontab:euid=0 243Process Management:suser:cmd:::/usr/bin/kill:euid=0 244Process Management:suser:cmd:::/usr/bin/nice:euid=0 245Process Management:suser:cmd:::/usr/bin/pcred:euid=0 246Process Management:suser:cmd:::/usr/bin/pfiles:euid=0 247Process Management:suser:cmd:::/usr/bin/pflags:euid=0 248Process Management:suser:cmd:::/usr/bin/pldd:euid=0 249Process Management:suser:cmd:::/usr/bin/pmap:euid=0 250Process Management:suser:cmd:::/usr/bin/prun:euid=0 251Process Management:suser:cmd:::/usr/bin/ps:euid=0 252Process Management:suser:cmd:::/usr/bin/psig:euid=0 253Process Management:suser:cmd:::/usr/bin/pstack:euid=0 254Process Management:suser:cmd:::/usr/bin/pstop:euid=0 255Process Management:suser:cmd:::/usr/bin/ptime:euid=0 256Process Management:suser:cmd:::/usr/bin/ptree:euid=0 257Process Management:suser:cmd:::/usr/bin/pwait:euid=0 258Process Management:suser:cmd:::/usr/bin/pwdx:euid=0 259Process Management:suser:cmd:::/usr/bin/renice:euid=0 260Process Management:suser:cmd:::/usr/bin/truss:euid=0 261Process Management:suser:cmd:::/usr/sbin/fuser:euid=0 262Process Management:solaris:cmd:::/usr/sbin/rcapadm:uid=0 263Project Management:solaris:cmd:::/usr/sbin/projadd:euid=0 264Project Management:solaris:cmd:::/usr/sbin/projmod:euid=0 265Project Management:solaris:cmd:::/usr/sbin/projdel:euid=0 266Software Installation:suser:cmd:::/usr/bin/ln:euid=0 267Software Installation:suser:cmd:::/usr/bin/pkginfo:uid=0 268Software Installation:suser:cmd:::/usr/bin/pkgmk:uid=0 269Software Installation:suser:cmd:::/usr/bin/pkgparam:uid=0 270Software Installation:suser:cmd:::/usr/bin/pkgproto:uid=0 271Software Installation:suser:cmd:::/usr/bin/pkgtrans:uid=0 272Software Installation:suser:cmd:::/usr/ccs/bin/make:euid=0 273Software Installation:suser:cmd:::/usr/sbin/install:euid=0 274Software Installation:suser:cmd:::/usr/sbin/pkgadd:uid=0;gid=bin 275Software Installation:suser:cmd:::/usr/sbin/pkgask:uid=0 276Software Installation:suser:cmd:::/usr/sbin/pkgchk:uid=0 277Software Installation:suser:cmd:::/usr/sbin/pkgrm:uid=0;gid=bin 278System Event Management:suser:cmd:::/usr/sbin/syseventadm:uid=0 279User Management:suser:cmd:::/usr/sbin/grpck:euid=0 280User Management:suser:cmd:::/usr/sbin/pwck:euid=0 281User Management:solaris:cmd:::/usr/sbin/useradd:euid=0 282User Management:solaris:cmd:::/usr/sbin/userdel:euid=0 283User Management:solaris:cmd:::/usr/sbin/usermod:euid=0 284User Management:solaris:cmd:::/usr/sbin/roleadd:euid=0 285User Management:solaris:cmd:::/usr/sbin/roledel:euid=0 286User Management:solaris:cmd:::/usr/sbin/rolemod:euid=0 287User Management:solaris:cmd:::/usr/sbin/groupadd:uid=0 288User Management:solaris:cmd:::/usr/sbin/groupdel:uid=0 289User Management:solaris:cmd:::/usr/sbin/groupmod:uid=0 290User Security:suser:cmd:::/usr/bin/passwd:uid=0 291User Security:solaris:cmd:::/usr/sbin/passmgmt:uid=0 292User Security:suser:cmd:::/usr/sbin/pwck:euid=0 293User Security:suser:cmd:::/usr/sbin/pwconv:euid=0 294DAT Administration:solaris:cmd:::/usr/sbin/datadm:euid=0 295ZFS File System Management:solaris:cmd:::/usr/sbin/zfs:euid=0 296ZFS Storage Management:solaris:cmd:::/usr/sbin/zpool:euid=0 297Zone Management:solaris:cmd:::/usr/sbin/zonecfg:uid=0 298Zone Management:solaris:cmd:::/usr/sbin/zoneadm:uid=0 299Zone Management:solaris:cmd:::/usr/sbin/zlogin:uid=0 300