1# 2# Copyright 2007 Sun Microsystems, Inc. All rights reserved. 3# Use is subject to license terms. 4# 5# CDDL HEADER START 6# 7# The contents of this file are subject to the terms of the 8# Common Development and Distribution License (the "License"). 9# You may not use this file except in compliance with the License. 10# 11# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 12# or http://www.opensolaris.org/os/licensing. 13# See the License for the specific language governing permissions 14# and limitations under the License. 15# 16# When distributing Covered Code, include this CDDL HEADER in each 17# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 18# If applicable, add the following below this CDDL HEADER, with the 19# fields enclosed by brackets "[]" replaced with your own identifying 20# information: Portions Copyright [yyyy] [name of copyright owner] 21# 22# CDDL HEADER END 23# 24# /etc/security/exec_attr 25# 26# execution attributes for profiles. see exec_attr(4) 27# 28#ident "%Z%%M% %I% %E% SMI" 29# 30# 31All:suser:cmd:::*: 32Audit Control:suser:cmd:::/etc/security/bsmconv:uid=0 33Audit Control:suser:cmd:::/etc/security/bsmunconv:uid=0 34Audit Control:solaris:cmd:::/usr/sbin/audit:privs=sys_audit,file_dac_read,proc_owner 35Audit Control:suser:cmd:::/usr/sbin/audit:euid=0 36Audit Control:suser:cmd:::/usr/sbin/auditconfig:euid=0 37Audit Control:suser:cmd:::/usr/sbin/auditd:uid=0 38Audit Review:suser:cmd:::/usr/sbin/auditreduce:euid=0 39Audit Review:suser:cmd:::/usr/sbin/auditstat:euid=0 40Audit Review:suser:cmd:::/usr/sbin/praudit:euid=0 41Contract Observer:solaris:cmd:::/usr/bin/ctwatch:\ 42 privs=contract_event,contract_observer 43Cron Management:suser:cmd:::/usr/bin/crontab:euid=0 44Crypto Management:suser:cmd:::/usr/sbin/cryptoadm:euid=0 45Crypto Management:suser:cmd:::/usr/bin/kmfcfg:euid=0 46Crypto Management:suser:cmd:::/usr/sfw/bin/openssl:euid=0 47Crypto Management:suser:cmd:::/usr/sfw/bin/CA.pl:euid=0 48DHCP Management:suser:cmd:::/usr/lib/inet/dhcp/svcadm/dhcpconfig:uid=0 49DHCP Management:suser:cmd:::/usr/lib/inet/dhcp/svcadm/dhtadm:uid=0 50DHCP Management:suser:cmd:::/usr/lib/inet/dhcp/svcadm/pntadm:uid=0 51Device Management:suser:cmd:::/usr/sbin/allocate:uid=0 52Device Management:suser:cmd:::/usr/sbin/add_drv:uid=0 53Device Management:suser:cmd:::/usr/sbin/deallocate:uid=0 54Device Management:suser:cmd:::/usr/sbin/rem_drv:uid=0 55Device Management:suser:cmd:::/usr/sbin/update_drv:uid=0 56Device Security:suser:cmd:::/usr/sbin/add_drv:uid=0 57Device Security:suser:cmd:::/usr/sbin/devfsadm:uid=0 58Device Security:suser:cmd:::/usr/sbin/eeprom:uid=0 59Device Security:solaris:cmd:::/usr/bin/kbd:uid=0;gid=sys 60Device Security:suser:cmd:::/usr/sbin/list_devices:euid=0 61Device Security:suser:cmd:::/usr/sbin/rem_drv:uid=0 62Device Security:suser:cmd:::/usr/sbin/strace:euid=0 63Device Security:suser:cmd:::/usr/sbin/update_drv:uid=0 64FTP Management:suser:cmd:::/usr/sbin/ftpaddhost:uid=0 65FTP Management:suser:cmd:::/usr/sbin/ftpconfig:uid=0 66FTP Management:suser:cmd:::/usr/sbin/ftprestart:euid=0 67FTP Management:suser:cmd:::/usr/sbin/ftpshut:euid=0;egid=sys 68FTP Management:suser:cmd:::/usr/sbin/privatepw:uid=0;egid=sys 69File System Management:solaris:cmd:::/sbin/mount:privs=sys_mount 70File System Management:solaris:cmd:::/sbin/umount:privs=sys_mount 71File System Management:suser:cmd:::/usr/bin/eject:euid=0 72File System Management:suser:cmd:::/usr/bin/mkdir:euid=0 73File System Management:suser:cmd:::/usr/bin/rmdir:euid=0 74File System Management:suser:cmd:::/usr/lib/autofs/automountd:euid=0 75File System Management:suser:cmd:::/usr/lib/fs/autofs/automount:euid=0 76File System Management:suser:cmd:::/usr/lib/fs/nfs/showmount:euid=0 77File System Management:suser:cmd:::/usr/lib/fs/ufs/fsirand:euid=0 78File System Management:suser:cmd:::/usr/lib/fs/ufs/newfs:euid=0 79File System Management:suser:cmd:::/usr/lib/fs/ufs/tunefs:uid=0 80File System Management:suser:cmd:::/usr/sbin/clri:euid=0 81File System Management:suser:cmd:::/usr/sbin/devinfo:euid=0 82File System Management:suser:cmd:::/usr/sbin/dfmounts:euid=0 83File System Management:suser:cmd:::/usr/sbin/dfshares:euid=0 84File System Management:suser:cmd:::/usr/sbin/ff:euid=0 85File System Management:suser:cmd:::/usr/sbin/format:euid=0 86File System Management:suser:cmd:::/usr/sbin/fsck:euid=0 87File System Management:suser:cmd:::/usr/sbin/fsdb:euid=0 88File System Management:suser:cmd:::/usr/sbin/fstyp:euid=0 89File System Management:suser:cmd:::/usr/sbin/fuser:euid=0 90File System Management:suser:cmd:::/usr/sbin/iscsitgtadm:euid=0,privs=basic 91File System Management:suser:cmd:::/usr/sbin/mkfile:euid=0 92File System Management:suser:cmd:::/usr/sbin/mkfs:euid=0 93File System Management:suser:cmd:::/usr/sbin/mount:uid=0 94File System Management:suser:cmd:::/usr/sbin/mountall:uid=0 95File System Management:solaris:cmd:::/usr/sbin/quotacheck:uid=0;gid=sys 96File System Management:solaris:cmd:::/usr/sbin/quotaoff:uid=0;gid=sys 97File System Management:solaris:cmd:::/usr/sbin/quotaon:uid=0;gid=sys 98File System Management:solaris:cmd:::/usr/sbin/raidctl:privs=sys_config,sys_devices;euid=0 99File System Management:suser:cmd:::/usr/sbin/ramdiskadm:euid=0 100File System Management:suser:cmd:::/usr/sbin/share:uid=0;gid=root 101File System Management:suser:cmd:::/usr/sbin/sharemgr:uid=0;gid=root 102File System Management:suser:cmd:::/usr/sbin/shareall:uid=0;gid=root 103File System Management:suser:cmd:::/usr/sbin/swap:euid=0 104File System Management:suser:cmd:::/usr/sbin/umount:uid=0 105File System Management:suser:cmd:::/usr/sbin/umountall:uid=0 106File System Management:suser:cmd:::/usr/sbin/unshare:uid=0;gid=root 107File System Management:suser:cmd:::/usr/sbin/unshareall:uid=0;gid=root 108IP Filter Management:solaris:cmd:::/usr/sbin/ipf:privs=sys_ip_config 109IP Filter Management:solaris:cmd:::/usr/sbin/ipfs:privs=sys_ip_config 110IP Filter Management:solaris:cmd:::/usr/sbin/ipmon:privs=sys_ip_config 111IP Filter Management:solaris:cmd:::/usr/sbin/ipfstat:privs=sys_ip_config;gid=sys 112IP Filter Management:solaris:cmd:::/usr/sbin/ipnat:privs=sys_ip_config;gid=sys 113IP Filter Management:solaris:cmd:::/usr/sbin/ippool:privs=sys_ip_config;gid=sys 114Kerberos Server Management:solaris:cmd:::/usr/lib/krb5/krb5kdc:uid=0 115Kerberos Server Management:solaris:cmd:::/usr/lib/krb5/kadmind:uid=0 116Kerberos Server Management:solaris:cmd:::/usr/lib/krb5/kprop:euid=0;privs=none 117Kerberos Server Management:solaris:cmd:::/usr/sbin/kadmin.local:euid=0;privs=none 118Kerberos Server Management:solaris:cmd:::/usr/sbin/kdb5_util:euid=0;privs=none 119Kerberos Client Management:solaris:cmd:::/usr/bin/klist:euid=0;privs=file_dac_read 120Kerberos Client Management:solaris:cmd:::/usr/sbin/kadmin:euid=0;privs=none 121Kerberos Client Management:solaris:cmd:::/usr/sbin/kclient:euid=0;privs=none 122Log Management:suser:cmd:::/usr/sbin/logadm:euid=0 123Mail Management:suser:cmd:::/usr/lib/sendmail:uid=0 124Mail Management:suser:cmd:::/usr/sbin/editmap:euid=0 125Mail Management:suser:cmd:::/usr/sbin/makemap:euid=0 126Mail Management:suser:cmd:::/usr/sbin/newaliases:euid=0 127Maintenance and Repair:solaris:cmd:::/usr/bin/mdb:privs=all 128Maintenance and Repair:suser:cmd:::/usr/bin/mdb:euid=0 129Maintenance and Repair:solaris:cmd:::/usr/bin/coreadm:euid=0;\ 130 privs=sys_config,proc_owner 131Maintenance and Repair:suser:cmd:::/usr/bin/date:euid=0 132Maintenance and Repair:suser:cmd:::/usr/bin/ldd:euid=0 133Maintenance and Repair:suser:cmd:::/usr/bin/vmstat:euid=0 134Maintenance and Repair:suser:cmd:::/usr/sbin/eeprom:euid=0 135Maintenance and Repair:suser:cmd:::/usr/sbin/halt:euid=0 136Maintenance and Repair:suser:cmd:::/sbin/init:uid=0 137Maintenance and Repair:suser:cmd:::/usr/sbin/poweroff:uid=0 138Maintenance and Repair:suser:cmd:::/usr/sbin/prtconf:euid=0 139Maintenance and Repair:suser:cmd:::/usr/sbin/reboot:uid=0 140Maintenance and Repair:suser:cmd:::/usr/sbin/syslogd:euid=0 141Maintenance and Repair:suser:cmd:::/sbin/bootadm:euid=0 142Media Backup:suser:cmd:::/usr/bin/mt:euid=0 143Media Backup:suser:cmd:::/usr/lib/fs/ufs/ufsdump:euid=0;gid=sys 144Media Backup:suser:cmd:::/usr/sbin/tar:euid=0 145Media Restore:suser:cmd:::/usr/bin/cpio:euid=0 146Media Restore:suser:cmd:::/usr/bin/mt:euid=0 147Media Restore:suser:cmd:::/usr/lib/fs/ufs/ufsrestore:euid=0 148Media Restore:suser:cmd:::/usr/sbin/tar:euid=0 149Name Service Management:suser:cmd:::/usr/bin/nischttl:euid=0 150Name Service Management:suser:cmd:::/usr/bin/nisln:euid=0 151Name Service Management:suser:cmd:::/usr/lib/nis/nisctl:euid=0 152Name Service Management:suser:cmd:::/usr/lib/nis/nisping:euid=0 153Name Service Management:suser:cmd:::/usr/lib/nis/nisshowcache:euid=0 154Name Service Management:suser:cmd:::/usr/lib/nis/nisstat:euid=0 155Name Service Management:suser:cmd:::/usr/sbin/nscd:euid=0 156Name Service Security:suser:cmd:::/usr/bin/chkey:euid=0 157Name Service Security:suser:cmd:::/usr/bin/nisaddcred:euid=0 158Name Service Security:suser:cmd:::/usr/bin/nischgrp:euid=0 159Name Service Security:suser:cmd:::/usr/bin/nischmod:euid=0 160Name Service Security:suser:cmd:::/usr/bin/nischown:euid=0 161Name Service Security:suser:cmd:::/usr/bin/nisgrpadm:euid=0 162Name Service Security:suser:cmd:::/usr/bin/nismkdir:euid=0 163Name Service Security:suser:cmd:::/usr/bin/nispasswd:euid=0 164Name Service Security:suser:cmd:::/usr/bin/nisrm:euid=0 165Name Service Security:suser:cmd:::/usr/bin/nisrmdir:euid=0 166Name Service Security:suser:cmd:::/usr/bin/nistbladm:euid=0 167Name Service Security:suser:cmd:::/usr/lib/nis/nisaddent:euid=0 168Name Service Security:suser:cmd:::/usr/lib/nis/nisclient:uid=0 169Name Service Security:suser:cmd:::/usr/lib/nis/nispopulate:euid=0 170Name Service Security:suser:cmd:::/usr/lib/nis/nisserver:uid=0 171Name Service Security:suser:cmd:::/usr/lib/nis/nissetup:euid=0 172Name Service Security:suser:cmd:::/usr/lib/nis/nisupdkeys:euid=0 173Name Service Security:suser:cmd:::/usr/sbin/ldapclient:uid=0 174Name Service Security:suser:cmd:::/usr/sbin/newkey:euid=0 175Name Service Security:suser:cmd:::/usr/sbin/nisinit:euid=0 176Name Service Security:suser:cmd:::/usr/sbin/nislog:euid=0 177Name Service Security:suser:cmd:::/usr/sbin/rpc.nisd:uid=0;gid=0 178Network Management:solaris:cmd:::/sbin/ifconfig:uid=0 179Network Management:solaris:cmd:::/sbin/route:privs=sys_ip_config 180Network Management:solaris:cmd:::/sbin/routeadm:euid=0;\ 181 privs=proc_chroot,proc_owner,sys_ip_config 182Network Management:solaris:cmd:::/sbin/dladm:euid=dladm;egid=sys;\ 183 privs=sys_net_config,net_rawaccess,proc_audit 184Network Management:suser:cmd:::/usr/bin/netstat:uid=0 185Network Management:suser:cmd:::/usr/bin/rup:euid=0 186Network Management:suser:cmd:::/usr/bin/ruptime:euid=0 187Network Management:suser:cmd:::/usr/bin/setuname:euid=0 188Network Management:suser:cmd:::/usr/sbin/asppp2pppd:euid=0 189Network Management:suser:cmd:::/usr/sbin/ifconfig:uid=0 190Network Management:suser:cmd:::/usr/sbin/ipaddrsel:euid=0 191Network Management:suser:cmd:::/usr/sbin/ipqosconf:euid=0 192Network Management:suser:cmd:::/usr/sbin/rndc:privs=file_dac_read 193Network Management:suser:cmd:::/usr/sbin/route:uid=0 194Network Management:suser:cmd:::/usr/sbin/snoop:uid=0 195Network Management:suser:cmd:::/usr/sbin/spray:euid=0 196Network Link Security:solaris:cmd:::/sbin/dladm:euid=dladm;egid=sys;\ 197 privs=sys_net_config,net_rawaccess,proc_audit 198Network Security:solaris:cmd:::/usr/lib/inet/certdb:privs=sys_ip_config 199Network Security:solaris:cmd:::/usr/lib/inet/certlocal:privs=sys_ip_config 200Network Security:solaris:cmd:::/usr/lib/inet/certrldb:privs=sys_ip_config 201Network Security:solaris:cmd:::/usr/lib/inet/in.iked:privs=sys_ip_config,net_privaddr 202Network Security:solaris:cmd:::/usr/sbin/ikeadm:privs=sys_ip_config 203Network Security:solaris:cmd:::/usr/sbin/ikecert:privs=sys_ip_config 204Network Security:solaris:cmd:::/usr/sbin/ipsecconf:privs=sys_ip_config 205Network Security:solaris:cmd:::/usr/sbin/ipseckey:privs=sys_ip_config 206Network Security:solaris:cmd:::/usr/sbin/ipsecalgs:privs=sys_ip_config 207Network Security:solaris:cmd:::/usr/sbin/ksslcfg:euid=0 208Network Security:suser:cmd:::/usr/bin/ssh-keygen:uid=0;gid=sys 209Network Security:suser:cmd:::/usr/lib/inet/certdb:euid=0 210Network Security:suser:cmd:::/usr/lib/inet/certlocal:euid=0 211Network Security:suser:cmd:::/usr/lib/inet/certrldb:euid=0 212Network Security:suser:cmd:::/usr/lib/inet/in.iked:uid=0 213Network Security:suser:cmd:::/usr/sbin/ikeadm:euid=0 214Network Security:suser:cmd:::/usr/sbin/ikecert:euid=0 215Network Security:suser:cmd:::/usr/sbin/ipsecconf:euid=0 216Network Security:suser:cmd:::/usr/sbin/ipseckey:euid=0 217Network Security:suser:cmd:::/usr/sbin/ipsecalgs:euid=0 218Object Access Management:solaris:cmd:::/usr/bin/chgrp:privs=file_chown 219Object Access Management:solaris:cmd:::/usr/bin/chmod:privs=file_owner 220Object Access Management:solaris:cmd:::/usr/bin/chown:privs=file_chown 221Object Access Management:solaris:cmd:::/usr/bin/setfacl:privs=file_owner 222Object Access Management:suser:cmd:::/usr/bin/chgrp:euid=0 223Object Access Management:suser:cmd:::/usr/bin/chmod:euid=0 224Object Access Management:suser:cmd:::/usr/bin/chown:euid=0 225Object Access Management:suser:cmd:::/usr/bin/getfacl:euid=0 226Object Access Management:suser:cmd:::/usr/bin/setfacl:euid=0 227Printer Management:suser:cmd:::/usr/bin/cancel:euid=lp;uid=lp 228Printer Management:suser:cmd:::/usr/bin/lpset:egid=14 229Printer Management:suser:cmd:::/usr/bin/lpstat:euid=0 230Printer Management:suser:cmd:::/usr/lib/lp/local/accept:uid=lp 231Printer Management:suser:cmd:::/usr/lib/lp/local/lpadmin:uid=lp;gid=8 232Printer Management:suser:cmd:::/usr/lib/lp/lpsched:uid=0 233Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp;uid=lp 234Printer Management:suser:cmd:::/usr/sbin/lpadmin:egid=14;uid=lp;gid=8 235Printer Management:suser:cmd:::/usr/sbin/lpfilter:euid=lp;uid=lp 236Printer Management:suser:cmd:::/usr/sbin/lpforms:euid=lp 237Printer Management:suser:cmd:::/usr/sbin/lpmove:euid=lp 238Printer Management:suser:cmd:::/usr/sbin/lpshut:euid=lp 239Printer Management:suser:cmd:::/usr/sbin/lpusers:euid=lp 240Printer Management:suser:cmd:::/usr/sbin/ppdmgr:euid=0 241Printer Management:suser:cmd:::/usr/ucb/lpq:euid=0 242Printer Management:suser:cmd:::/usr/ucb/lprm:euid=0 243Process Management:solaris:cmd:::/usr/bin/kill:privs=proc_owner 244Process Management:solaris:cmd:::/usr/bin/nice:privs=proc_owner,proc_priocntl 245Process Management:solaris:cmd:::/usr/bin/pcred:privs=proc_owner 246Process Management:solaris:cmd:::/usr/bin/pfiles:privs=proc_owner 247Process Management:solaris:cmd:::/usr/bin/pflags:privs=proc_owner 248Process Management:solaris:cmd:::/usr/bin/ppriv:privs=proc_owner 249Process Management:solaris:cmd:::/usr/bin/renice:privs=proc_owner,proc_priocntl 250Process Management:suser:cmd:::/usr/bin/crontab:euid=0 251Process Management:suser:cmd:::/usr/bin/kill:euid=0 252Process Management:suser:cmd:::/usr/bin/nice:euid=0 253Process Management:suser:cmd:::/usr/bin/pcred:euid=0 254Process Management:suser:cmd:::/usr/bin/pfiles:euid=0 255Process Management:suser:cmd:::/usr/bin/pflags:euid=0 256Process Management:suser:cmd:::/usr/bin/pldd:euid=0 257Process Management:suser:cmd:::/usr/bin/pmap:euid=0 258Process Management:suser:cmd:::/usr/bin/prun:euid=0 259Process Management:suser:cmd:::/usr/bin/ps:euid=0 260Process Management:suser:cmd:::/usr/bin/psig:euid=0 261Process Management:suser:cmd:::/usr/bin/pstack:euid=0 262Process Management:suser:cmd:::/usr/bin/pstop:euid=0 263Process Management:suser:cmd:::/usr/bin/ptime:euid=0 264Process Management:suser:cmd:::/usr/bin/ptree:euid=0 265Process Management:suser:cmd:::/usr/bin/pwait:euid=0 266Process Management:suser:cmd:::/usr/bin/pwdx:euid=0 267Process Management:suser:cmd:::/usr/bin/renice:euid=0 268Process Management:suser:cmd:::/usr/bin/truss:euid=0 269Process Management:suser:cmd:::/usr/sbin/fuser:euid=0 270Process Management:solaris:cmd:::/usr/sbin/rcapadm:uid=0 271Project Management:solaris:cmd:::/usr/sbin/projadd:euid=0 272Project Management:solaris:cmd:::/usr/sbin/projmod:euid=0 273Project Management:solaris:cmd:::/usr/sbin/projdel:euid=0 274Software Installation:suser:cmd:::/usr/bin/ln:euid=0 275Software Installation:suser:cmd:::/usr/bin/pkginfo:uid=0 276Software Installation:suser:cmd:::/usr/bin/pkgmk:uid=0 277Software Installation:suser:cmd:::/usr/bin/pkgparam:uid=0 278Software Installation:suser:cmd:::/usr/bin/pkgproto:uid=0 279Software Installation:suser:cmd:::/usr/bin/pkgtrans:uid=0 280Software Installation:suser:cmd:::/usr/ccs/bin/make:euid=0 281Software Installation:suser:cmd:::/usr/sbin/install:euid=0 282Software Installation:suser:cmd:::/usr/sbin/pkgadd:uid=0;gid=bin 283Software Installation:suser:cmd:::/usr/sbin/pkgask:uid=0 284Software Installation:suser:cmd:::/usr/sbin/pkgchk:uid=0 285Software Installation:suser:cmd:::/usr/sbin/pkgrm:uid=0;gid=bin 286System Event Management:suser:cmd:::/usr/sbin/syseventadm:uid=0 287User Management:suser:cmd:::/usr/sbin/grpck:euid=0 288User Management:suser:cmd:::/usr/sbin/pwck:euid=0 289User Management:solaris:cmd:::/usr/sbin/useradd:euid=0 290User Management:solaris:cmd:::/usr/sbin/userdel:euid=0 291User Management:solaris:cmd:::/usr/sbin/usermod:euid=0 292User Management:solaris:cmd:::/usr/sbin/roleadd:euid=0 293User Management:solaris:cmd:::/usr/sbin/roledel:euid=0 294User Management:solaris:cmd:::/usr/sbin/rolemod:euid=0 295User Management:solaris:cmd:::/usr/sbin/groupadd:uid=0 296User Management:solaris:cmd:::/usr/sbin/groupdel:uid=0 297User Management:solaris:cmd:::/usr/sbin/groupmod:uid=0 298User Security:suser:cmd:::/usr/bin/passwd:uid=0 299User Security:solaris:cmd:::/usr/sbin/passmgmt:uid=0 300User Security:suser:cmd:::/usr/sbin/pwck:euid=0 301User Security:suser:cmd:::/usr/sbin/pwconv:euid=0 302DAT Administration:solaris:cmd:::/usr/sbin/datadm:euid=0 303ZFS File System Management:solaris:cmd:::/sbin/zfs:euid=0 304ZFS Storage Management:solaris:cmd:::/sbin/zpool:uid=0 305ZFS Storage Management:solaris:cmd:::/usr/lib/zfs/availdevs:uid=0 306Zone Management:solaris:cmd:::/usr/sbin/zonecfg:uid=0 307Zone Management:solaris:cmd:::/usr/sbin/zoneadm:uid=0 308Zone Management:solaris:cmd:::/usr/sbin/zlogin:uid=0 309