xref: /titanic_44/usr/src/lib/libsecdb/exec_attr.txt (revision bbfd0aa6b6f4ad933985f9b64f0fe3686be1f8b7)
1#
2# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
3# Use is subject to license terms.
4#
5# CDDL HEADER START
6#
7# The contents of this file are subject to the terms of the
8# Common Development and Distribution License (the "License").
9# You may not use this file except in compliance with the License.
10#
11# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
12# or http://www.opensolaris.org/os/licensing.
13# See the License for the specific language governing permissions
14# and limitations under the License.
15#
16# When distributing Covered Code, include this CDDL HEADER in each
17# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
18# If applicable, add the following below this CDDL HEADER, with the
19# fields enclosed by brackets "[]" replaced with your own identifying
20# information: Portions Copyright [yyyy] [name of copyright owner]
21#
22# CDDL HEADER END
23#
24# /etc/security/exec_attr
25#
26# execution attributes for profiles. see exec_attr(4)
27#
28#ident	"%Z%%M%	%I%	%E% SMI"
29#
30#
# Entry layout per exec_attr(4): name:policy:type:res1:res2:id:attr
# Profile "All": the command id is the wildcard "*" and the attribute field is
# empty, so this entry matches any command but assigns no uid/gid/privs to it.
31All:suser:cmd:::*:
# Profile "Audit Control": audit configuration commands and the audit daemon.
# Per exec_attr(4), uid= sets both real and effective UID, euid= only the
# effective UID. bsmconv, bsmunconv and auditd get uid=0; auditconfig euid=0.
# /usr/sbin/audit is listed twice: the solaris-policy entry grants three named
# privileges instead of a UID change, the suser-policy entry grants euid=0.
32Audit Control:suser:cmd:::/etc/security/bsmconv:uid=0
33Audit Control:suser:cmd:::/etc/security/bsmunconv:uid=0
34Audit Control:solaris:cmd:::/usr/sbin/audit:privs=sys_audit,file_dac_read,proc_owner
35Audit Control:suser:cmd:::/usr/sbin/audit:euid=0
36Audit Control:suser:cmd:::/usr/sbin/auditconfig:euid=0
37Audit Control:suser:cmd:::/usr/sbin/auditd:uid=0
# Profile "Audit Review": auditreduce, auditstat and praudit, each with euid=0.
# No entry in this profile names a command from "Audit Control", so the two
# profiles can be assigned to different people.
38Audit Review:suser:cmd:::/usr/sbin/auditreduce:euid=0
39Audit Review:suser:cmd:::/usr/sbin/auditstat:euid=0
40Audit Review:suser:cmd:::/usr/sbin/praudit:euid=0
# Profile "Contract Observer": ctwatch gets two contract privileges and no UID
# change (the entry is continued with a trailing backslash).
41Contract Observer:solaris:cmd:::/usr/bin/ctwatch:\
42	privs=contract_event,contract_observer
# Profile "Cron Management": crontab with euid=0.
43Cron Management:suser:cmd:::/usr/bin/crontab:euid=0
# Profile "Crypto Management": cryptoadm, kmfcfg, openssl and CA.pl, all euid=0.
# NOTE(review): openssl is a general-purpose tool that reads and writes files
# named on its command line, so with euid=0 it is not limited to crypto
# configuration. Treat holders of this profile as having root-level file
# access unless the entry is narrowed.
44Crypto Management:suser:cmd:::/usr/sbin/cryptoadm:euid=0
45Crypto Management:suser:cmd:::/usr/bin/kmfcfg:euid=0
46Crypto Management:suser:cmd:::/usr/sfw/bin/openssl:euid=0
47Crypto Management:suser:cmd:::/usr/sfw/bin/CA.pl:euid=0
# Profile "DHCP Management": dhcpconfig, dhtadm and pntadm with uid=0
# (real and effective UID 0).
48DHCP Management:suser:cmd:::/usr/lib/inet/dhcp/svcadm/dhcpconfig:uid=0
49DHCP Management:suser:cmd:::/usr/lib/inet/dhcp/svcadm/dhtadm:uid=0
50DHCP Management:suser:cmd:::/usr/lib/inet/dhcp/svcadm/pntadm:uid=0
# Profile "Device Management": device allocation (allocate, deallocate) and
# driver registration (add_drv, rem_drv, update_drv), all with uid=0.
# The three *_drv commands are also granted by "Device Security".
51Device Management:suser:cmd:::/usr/sbin/allocate:uid=0
52Device Management:suser:cmd:::/usr/sbin/add_drv:uid=0
53Device Management:suser:cmd:::/usr/sbin/deallocate:uid=0
54Device Management:suser:cmd:::/usr/sbin/rem_drv:uid=0
55Device Management:suser:cmd:::/usr/sbin/update_drv:uid=0
# Profile "Device Security": driver registration, devfsadm, eeprom, kbd,
# list_devices and strace. Most entries use uid=0; list_devices and strace use
# euid=0; kbd is the only solaris-policy entry and also sets gid=sys.
# eeprom appears here with uid=0 and under "Maintenance and Repair" with euid=0.
56Device Security:suser:cmd:::/usr/sbin/add_drv:uid=0
57Device Security:suser:cmd:::/usr/sbin/devfsadm:uid=0
58Device Security:suser:cmd:::/usr/sbin/eeprom:uid=0
59Device Security:solaris:cmd:::/usr/bin/kbd:uid=0;gid=sys
60Device Security:suser:cmd:::/usr/sbin/list_devices:euid=0
61Device Security:suser:cmd:::/usr/sbin/rem_drv:uid=0
62Device Security:suser:cmd:::/usr/sbin/strace:euid=0
63Device Security:suser:cmd:::/usr/sbin/update_drv:uid=0
# Profile "FTP Management": FTP server administration commands run as UID 0.
# ftpshut and privatepw additionally set the effective group to sys (egid=sys).
64FTP Management:suser:cmd:::/usr/sbin/ftpaddhost:uid=0
65FTP Management:suser:cmd:::/usr/sbin/ftpconfig:uid=0
66FTP Management:suser:cmd:::/usr/sbin/ftprestart:euid=0
67FTP Management:suser:cmd:::/usr/sbin/ftpshut:euid=0;egid=sys
68FTP Management:suser:cmd:::/usr/sbin/privatepw:uid=0;egid=sys
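# Profile "File System Management": mount/share/quota/fsck-style commands.
# solaris-policy entries grant named privileges or uid/gid; suser-policy
# entries grant UID 0, as uid= (real and effective) or euid= (effective only).
# /sbin/mount and /sbin/umount need only the sys_mount privilege here, while
# the /usr/sbin paths of the same commands get uid=0 under the suser policy.
# NOTE(review): mkdir, rmdir and mkfile with euid=0 act on any path the caller
# names, so this profile gives broad write access to the file system.
69File System Management:solaris:cmd:::/sbin/mount:privs=sys_mount
70File System Management:solaris:cmd:::/sbin/umount:privs=sys_mount
71File System Management:suser:cmd:::/usr/bin/eject:euid=0
72File System Management:suser:cmd:::/usr/bin/mkdir:euid=0
73File System Management:suser:cmd:::/usr/bin/rmdir:euid=0
74File System Management:suser:cmd:::/usr/lib/autofs/automountd:euid=0
75File System Management:suser:cmd:::/usr/lib/fs/autofs/automount:euid=0
76File System Management:suser:cmd:::/usr/lib/fs/nfs/showmount:euid=0
77File System Management:suser:cmd:::/usr/lib/fs/ufs/fsirand:euid=0
78File System Management:suser:cmd:::/usr/lib/fs/ufs/newfs:euid=0
79File System Management:suser:cmd:::/usr/lib/fs/ufs/tunefs:uid=0
80File System Management:suser:cmd:::/usr/sbin/clri:euid=0
81File System Management:suser:cmd:::/usr/sbin/devinfo:euid=0
82File System Management:suser:cmd:::/usr/sbin/dfmounts:euid=0
83File System Management:suser:cmd:::/usr/sbin/dfshares:euid=0
84File System Management:suser:cmd:::/usr/sbin/ff:euid=0
85File System Management:suser:cmd:::/usr/sbin/format:euid=0
86File System Management:suser:cmd:::/usr/sbin/fsck:euid=0
87File System Management:suser:cmd:::/usr/sbin/fsdb:euid=0
88File System Management:suser:cmd:::/usr/sbin/fstyp:euid=0
89File System Management:suser:cmd:::/usr/sbin/fuser:euid=0
# Attributes are ';'-separated key=value pairs per exec_attr(4); ',' is only
# valid between privilege names inside privs=.
# NOTE(review): privs= is documented for the solaris policy only; confirm
# whether this entry is meant to be policy "solaris".
90File System Management:suser:cmd:::/usr/sbin/iscsitgtadm:euid=0;privs=basic
91File System Management:suser:cmd:::/usr/sbin/mkfile:euid=0
92File System Management:suser:cmd:::/usr/sbin/mkfs:euid=0
93File System Management:suser:cmd:::/usr/sbin/mount:uid=0
94File System Management:suser:cmd:::/usr/sbin/mountall:uid=0
95File System Management:solaris:cmd:::/usr/sbin/quotacheck:uid=0;gid=sys
96File System Management:solaris:cmd:::/usr/sbin/quotaoff:uid=0;gid=sys
97File System Management:solaris:cmd:::/usr/sbin/quotaon:uid=0;gid=sys
98File System Management:solaris:cmd:::/usr/sbin/raidctl:privs=sys_config,sys_devices;euid=0
99File System Management:suser:cmd:::/usr/sbin/ramdiskadm:euid=0
100File System Management:suser:cmd:::/usr/sbin/share:uid=0;gid=root
101File System Management:suser:cmd:::/usr/sbin/sharemgr:uid=0;gid=root
102File System Management:suser:cmd:::/usr/sbin/shareall:uid=0;gid=root
103File System Management:suser:cmd:::/usr/sbin/swap:euid=0
104File System Management:suser:cmd:::/usr/sbin/umount:uid=0
105File System Management:suser:cmd:::/usr/sbin/umountall:uid=0
106File System Management:suser:cmd:::/usr/sbin/unshare:uid=0;gid=root
107File System Management:suser:cmd:::/usr/sbin/unshareall:uid=0;gid=root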
# Profile "IP Filter Management": every entry uses the solaris policy and
# grants only the sys_ip_config privilege, with no UID change. ipfstat, ipnat
# and ippool additionally run with gid=sys.
108IP Filter Management:solaris:cmd:::/usr/sbin/ipf:privs=sys_ip_config
109IP Filter Management:solaris:cmd:::/usr/sbin/ipfs:privs=sys_ip_config
110IP Filter Management:solaris:cmd:::/usr/sbin/ipmon:privs=sys_ip_config
111IP Filter Management:solaris:cmd:::/usr/sbin/ipfstat:privs=sys_ip_config;gid=sys
112IP Filter Management:solaris:cmd:::/usr/sbin/ipnat:privs=sys_ip_config;gid=sys
113IP Filter Management:solaris:cmd:::/usr/sbin/ippool:privs=sys_ip_config;gid=sys
# Profile "Kerberos Server Management": the KDC and kadmind daemons run with
# uid=0; kprop, kadmin.local and kdb5_util pair euid=0 with privs=none.
114Kerberos Server Management:solaris:cmd:::/usr/lib/krb5/krb5kdc:uid=0
115Kerberos Server Management:solaris:cmd:::/usr/lib/krb5/kadmind:uid=0
116Kerberos Server Management:solaris:cmd:::/usr/lib/krb5/kprop:euid=0;privs=none
117Kerberos Server Management:solaris:cmd:::/usr/sbin/kadmin.local:euid=0;privs=none
118Kerberos Server Management:solaris:cmd:::/usr/sbin/kdb5_util:euid=0;privs=none
# Profile "Kerberos Client Management": klist gets euid=0 plus the
# file_dac_read privilege; kadmin and kclient get euid=0 with privs=none.
119Kerberos Client Management:solaris:cmd:::/usr/bin/klist:euid=0;privs=file_dac_read
120Kerberos Client Management:solaris:cmd:::/usr/sbin/kadmin:euid=0;privs=none
121Kerberos Client Management:solaris:cmd:::/usr/sbin/kclient:euid=0;privs=none
# Profile "Log Management": logadm with euid=0.
122Log Management:suser:cmd:::/usr/sbin/logadm:euid=0
# Profile "Mail Management": sendmail runs with uid=0 (real and effective);
# the map and alias tools (editmap, makemap, newaliases) run with euid=0.
123Mail Management:suser:cmd:::/usr/lib/sendmail:uid=0
124Mail Management:suser:cmd:::/usr/sbin/editmap:euid=0
125Mail Management:suser:cmd:::/usr/sbin/makemap:euid=0
126Mail Management:suser:cmd:::/usr/sbin/newaliases:euid=0
# Profile "Maintenance and Repair": debugging, boot and shutdown commands.
# NOTE(review): mdb is granted privs=all under the solaris policy and euid=0
# under suser. A debugger holding every privilege is equivalent to unrestricted
# root, so this profile should be assigned as sparingly as root itself.
# coreadm is the only entry that combines euid=0 with a named privilege list.
127Maintenance and Repair:solaris:cmd:::/usr/bin/mdb:privs=all
128Maintenance and Repair:suser:cmd:::/usr/bin/mdb:euid=0
129Maintenance and Repair:solaris:cmd:::/usr/bin/coreadm:euid=0;\
130	privs=sys_config,proc_owner
131Maintenance and Repair:suser:cmd:::/usr/bin/date:euid=0
132Maintenance and Repair:suser:cmd:::/usr/bin/ldd:euid=0
133Maintenance and Repair:suser:cmd:::/usr/bin/vmstat:euid=0
134Maintenance and Repair:suser:cmd:::/usr/sbin/eeprom:euid=0
135Maintenance and Repair:suser:cmd:::/usr/sbin/halt:euid=0
136Maintenance and Repair:suser:cmd:::/sbin/init:uid=0
137Maintenance and Repair:suser:cmd:::/usr/sbin/poweroff:uid=0
138Maintenance and Repair:suser:cmd:::/usr/sbin/prtconf:euid=0
139Maintenance and Repair:suser:cmd:::/usr/sbin/reboot:uid=0
140Maintenance and Repair:suser:cmd:::/usr/sbin/syslogd:euid=0
141Maintenance and Repair:suser:cmd:::/sbin/bootadm:euid=0
# Profile "Media Backup": mt, ufsdump (also gid=sys) and tar with euid=0.
# NOTE(review): an archiver running with euid=0 can read any file the caller
# names, so this profile implies read access to all data on the system.
142Media Backup:suser:cmd:::/usr/bin/mt:euid=0
143Media Backup:suser:cmd:::/usr/lib/fs/ufs/ufsdump:euid=0;gid=sys
144Media Backup:suser:cmd:::/usr/sbin/tar:euid=0
# Profile "Media Restore": cpio, mt, ufsrestore and tar with euid=0.
# NOTE(review): extraction with euid=0 can overwrite any file, so this profile
# implies write access to the whole system; the same /usr/sbin/tar entry is
# granted by both profiles, so the backup/restore split does not separate
# read from write for tar.
145Media Restore:suser:cmd:::/usr/bin/cpio:euid=0
146Media Restore:suser:cmd:::/usr/bin/mt:euid=0
147Media Restore:suser:cmd:::/usr/lib/fs/ufs/ufsrestore:euid=0
148Media Restore:suser:cmd:::/usr/sbin/tar:euid=0
# Profile "Name Service Management": NIS+ status/cache tools and nscd, all
# with euid=0 under the suser policy.
149Name Service Management:suser:cmd:::/usr/bin/nischttl:euid=0
150Name Service Management:suser:cmd:::/usr/bin/nisln:euid=0
151Name Service Management:suser:cmd:::/usr/lib/nis/nisctl:euid=0
152Name Service Management:suser:cmd:::/usr/lib/nis/nisping:euid=0
153Name Service Management:suser:cmd:::/usr/lib/nis/nisshowcache:euid=0
154Name Service Management:suser:cmd:::/usr/lib/nis/nisstat:euid=0
155Name Service Management:suser:cmd:::/usr/sbin/nscd:euid=0
# Profile "Name Service Security": NIS+ credential, ownership, permission and
# table commands plus ldapclient. Most entries use euid=0; nisclient,
# nisserver and ldapclient use uid=0, and rpc.nisd uses uid=0 with gid=0.
156Name Service Security:suser:cmd:::/usr/bin/chkey:euid=0
157Name Service Security:suser:cmd:::/usr/bin/nisaddcred:euid=0
158Name Service Security:suser:cmd:::/usr/bin/nischgrp:euid=0
159Name Service Security:suser:cmd:::/usr/bin/nischmod:euid=0
160Name Service Security:suser:cmd:::/usr/bin/nischown:euid=0
161Name Service Security:suser:cmd:::/usr/bin/nisgrpadm:euid=0
162Name Service Security:suser:cmd:::/usr/bin/nismkdir:euid=0
163Name Service Security:suser:cmd:::/usr/bin/nispasswd:euid=0
164Name Service Security:suser:cmd:::/usr/bin/nisrm:euid=0
165Name Service Security:suser:cmd:::/usr/bin/nisrmdir:euid=0
166Name Service Security:suser:cmd:::/usr/bin/nistbladm:euid=0
167Name Service Security:suser:cmd:::/usr/lib/nis/nisaddent:euid=0
168Name Service Security:suser:cmd:::/usr/lib/nis/nisclient:uid=0
169Name Service Security:suser:cmd:::/usr/lib/nis/nispopulate:euid=0
170Name Service Security:suser:cmd:::/usr/lib/nis/nisserver:uid=0
171Name Service Security:suser:cmd:::/usr/lib/nis/nissetup:euid=0
172Name Service Security:suser:cmd:::/usr/lib/nis/nisupdkeys:euid=0
173Name Service Security:suser:cmd:::/usr/sbin/ldapclient:uid=0
174Name Service Security:suser:cmd:::/usr/sbin/newkey:euid=0
175Name Service Security:suser:cmd:::/usr/sbin/nisinit:euid=0
176Name Service Security:suser:cmd:::/usr/sbin/nislog:euid=0
177Name Service Security:suser:cmd:::/usr/sbin/rpc.nisd:uid=0;gid=0
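# Profile "Network Management": interface, routing and link configuration plus
# network diagnostics. The solaris-policy entries come first: route needs only
# sys_ip_config, routeadm pairs euid=0 with three privileges, and dladm runs
# as the non-root user "dladm" (egid=sys) with three privileges.
# NOTE(review): snoop with uid=0 lets a profile holder capture traffic on the
# host's interfaces; assign the profile with that in mind.
178Network Management:solaris:cmd:::/sbin/ifconfig:uid=0
179Network Management:solaris:cmd:::/sbin/route:privs=sys_ip_config
180Network Management:solaris:cmd:::/sbin/routeadm:euid=0;\
181	privs=proc_chroot,proc_owner,sys_ip_config
182Network Management:solaris:cmd:::/sbin/dladm:euid=dladm;egid=sys;\
183	privs=sys_net_config,net_rawaccess,proc_audit
184Network Management:suser:cmd:::/usr/bin/netstat:uid=0
185Network Management:suser:cmd:::/usr/bin/rup:euid=0
186Network Management:suser:cmd:::/usr/bin/ruptime:euid=0
187Network Management:suser:cmd:::/usr/bin/setuname:euid=0
188Network Management:suser:cmd:::/usr/sbin/asppp2pppd:euid=0
189Network Management:suser:cmd:::/usr/sbin/ifconfig:uid=0
190Network Management:suser:cmd:::/usr/sbin/ipaddrsel:euid=0
191Network Management:suser:cmd:::/usr/sbin/ipqosconf:euid=0
# rndc is granted a privilege rather than a UID, so the entry uses the solaris
# policy: exec_attr(4) states that only that policy recognizes privs=.
192Network Management:solaris:cmd:::/usr/sbin/rndc:privs=file_dac_read
193Network Management:suser:cmd:::/usr/sbin/route:uid=0
194Network Management:suser:cmd:::/usr/sbin/snoop:uid=0
195Network Management:suser:cmd:::/usr/sbin/spray:euid=0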
# Profile "Network Link Security": a single dladm entry with the same
# attributes as the dladm entry under "Network Management" (non-root euid
# "dladm", egid=sys, three named privileges).
196Network Link Security:solaris:cmd:::/sbin/dladm:euid=dladm;egid=sys;\
197	privs=sys_net_config,net_rawaccess,proc_audit
# Profile "Network Security": IKE/IPsec certificate and key tools, ksslcfg and
# ssh-keygen. Each IKE/IPsec command is listed twice: the solaris-policy entry
# grants sys_ip_config (in.iked also net_privaddr) with no UID change, and the
# suser-policy entry grants UID 0.
# ksslcfg (solaris, euid=0) and ssh-keygen (suser, uid=0;gid=sys) have a
# single entry each.
198Network Security:solaris:cmd:::/usr/lib/inet/certdb:privs=sys_ip_config
199Network Security:solaris:cmd:::/usr/lib/inet/certlocal:privs=sys_ip_config
200Network Security:solaris:cmd:::/usr/lib/inet/certrldb:privs=sys_ip_config
201Network Security:solaris:cmd:::/usr/lib/inet/in.iked:privs=sys_ip_config,net_privaddr
202Network Security:solaris:cmd:::/usr/sbin/ikeadm:privs=sys_ip_config
203Network Security:solaris:cmd:::/usr/sbin/ikecert:privs=sys_ip_config
204Network Security:solaris:cmd:::/usr/sbin/ipsecconf:privs=sys_ip_config
205Network Security:solaris:cmd:::/usr/sbin/ipseckey:privs=sys_ip_config
206Network Security:solaris:cmd:::/usr/sbin/ipsecalgs:privs=sys_ip_config
207Network Security:solaris:cmd:::/usr/sbin/ksslcfg:euid=0
208Network Security:suser:cmd:::/usr/bin/ssh-keygen:uid=0;gid=sys
209Network Security:suser:cmd:::/usr/lib/inet/certdb:euid=0
210Network Security:suser:cmd:::/usr/lib/inet/certlocal:euid=0
211Network Security:suser:cmd:::/usr/lib/inet/certrldb:euid=0
212Network Security:suser:cmd:::/usr/lib/inet/in.iked:uid=0
213Network Security:suser:cmd:::/usr/sbin/ikeadm:euid=0
214Network Security:suser:cmd:::/usr/sbin/ikecert:euid=0
215Network Security:suser:cmd:::/usr/sbin/ipsecconf:euid=0
216Network Security:suser:cmd:::/usr/sbin/ipseckey:euid=0
217Network Security:suser:cmd:::/usr/sbin/ipsecalgs:euid=0
# Profile "Object Access Management": ownership, mode and ACL commands.
# solaris-policy entries grant a single privilege (file_chown or file_owner);
# suser-policy entries for the same commands grant euid=0. getfacl has only a
# suser entry.
# NOTE(review): the ability to change owner and mode on arbitrary files can be
# used to gain access to any file, so treat this profile as highly privileged.
218Object Access Management:solaris:cmd:::/usr/bin/chgrp:privs=file_chown
219Object Access Management:solaris:cmd:::/usr/bin/chmod:privs=file_owner
220Object Access Management:solaris:cmd:::/usr/bin/chown:privs=file_chown
221Object Access Management:solaris:cmd:::/usr/bin/setfacl:privs=file_owner
222Object Access Management:suser:cmd:::/usr/bin/chgrp:euid=0
223Object Access Management:suser:cmd:::/usr/bin/chmod:euid=0
224Object Access Management:suser:cmd:::/usr/bin/chown:euid=0
225Object Access Management:suser:cmd:::/usr/bin/getfacl:euid=0
226Object Access Management:suser:cmd:::/usr/bin/setfacl:euid=0
# Profile "Printer Management": print service commands. Most run as the
# non-root user "lp" (uid=lp and/or euid=lp); lpstat, lpsched, ppdmgr, lpq and
# lprm run with UID 0.
# NOTE(review): lpset and the two lpadmin entries use numeric group IDs (14
# and 8) where other entries in this file use names; confirm they map to the
# intended groups on the target system.
227Printer Management:suser:cmd:::/usr/bin/cancel:euid=lp;uid=lp
228Printer Management:suser:cmd:::/usr/bin/lpset:egid=14
229Printer Management:suser:cmd:::/usr/bin/lpstat:euid=0
230Printer Management:suser:cmd:::/usr/lib/lp/local/accept:uid=lp
231Printer Management:suser:cmd:::/usr/lib/lp/local/lpadmin:uid=lp;gid=8
232Printer Management:suser:cmd:::/usr/lib/lp/lpsched:uid=0
233Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp;uid=lp
234Printer Management:suser:cmd:::/usr/sbin/lpadmin:egid=14;uid=lp;gid=8
235Printer Management:suser:cmd:::/usr/sbin/lpfilter:euid=lp;uid=lp
236Printer Management:suser:cmd:::/usr/sbin/lpforms:euid=lp
237Printer Management:suser:cmd:::/usr/sbin/lpmove:euid=lp
238Printer Management:suser:cmd:::/usr/sbin/lpshut:euid=lp
239Printer Management:suser:cmd:::/usr/sbin/lpusers:euid=lp
240Printer Management:suser:cmd:::/usr/sbin/ppdmgr:euid=0
241Printer Management:suser:cmd:::/usr/ucb/lpq:euid=0
242Printer Management:suser:cmd:::/usr/ucb/lprm:euid=0
# Profile "Process Management": process inspection and control tools.
# solaris-policy entries grant proc_owner (nice and renice also
# proc_priocntl) with no UID change; suser-policy entries grant euid=0 for
# the same commands and for the remaining proc tools, crontab and fuser.
# ppriv has only a solaris entry; rcapadm is solaris policy with uid=0.
# NOTE(review): truss, pstack, pmap and pfiles with euid=0 can inspect any
# process on the system, including ones handling credentials.
243Process Management:solaris:cmd:::/usr/bin/kill:privs=proc_owner
244Process Management:solaris:cmd:::/usr/bin/nice:privs=proc_owner,proc_priocntl
245Process Management:solaris:cmd:::/usr/bin/pcred:privs=proc_owner
246Process Management:solaris:cmd:::/usr/bin/pfiles:privs=proc_owner
247Process Management:solaris:cmd:::/usr/bin/pflags:privs=proc_owner
248Process Management:solaris:cmd:::/usr/bin/ppriv:privs=proc_owner
249Process Management:solaris:cmd:::/usr/bin/renice:privs=proc_owner,proc_priocntl
250Process Management:suser:cmd:::/usr/bin/crontab:euid=0
251Process Management:suser:cmd:::/usr/bin/kill:euid=0
252Process Management:suser:cmd:::/usr/bin/nice:euid=0
253Process Management:suser:cmd:::/usr/bin/pcred:euid=0
254Process Management:suser:cmd:::/usr/bin/pfiles:euid=0
255Process Management:suser:cmd:::/usr/bin/pflags:euid=0
256Process Management:suser:cmd:::/usr/bin/pldd:euid=0
257Process Management:suser:cmd:::/usr/bin/pmap:euid=0
258Process Management:suser:cmd:::/usr/bin/prun:euid=0
259Process Management:suser:cmd:::/usr/bin/ps:euid=0
260Process Management:suser:cmd:::/usr/bin/psig:euid=0
261Process Management:suser:cmd:::/usr/bin/pstack:euid=0
262Process Management:suser:cmd:::/usr/bin/pstop:euid=0
263Process Management:suser:cmd:::/usr/bin/ptime:euid=0
264Process Management:suser:cmd:::/usr/bin/ptree:euid=0
265Process Management:suser:cmd:::/usr/bin/pwait:euid=0
266Process Management:suser:cmd:::/usr/bin/pwdx:euid=0
267Process Management:suser:cmd:::/usr/bin/renice:euid=0
268Process Management:suser:cmd:::/usr/bin/truss:euid=0
269Process Management:suser:cmd:::/usr/sbin/fuser:euid=0
270Process Management:solaris:cmd:::/usr/sbin/rcapadm:uid=0
# Profile "Project Management": projadd, projmod and projdel with euid=0
# under the solaris policy.
271Project Management:solaris:cmd:::/usr/sbin/projadd:euid=0
272Project Management:solaris:cmd:::/usr/sbin/projmod:euid=0
273Project Management:solaris:cmd:::/usr/sbin/projdel:euid=0
# Profile "Software Installation": packaging commands with uid=0 (pkgadd and
# pkgrm also gid=bin) plus ln, make and install with euid=0.
# NOTE(review): make with euid=0 runs whatever rules the caller's makefile
# contains, and ln/install write to caller-named paths, so this profile is
# effectively equivalent to root and should be assigned accordingly.
274Software Installation:suser:cmd:::/usr/bin/ln:euid=0
275Software Installation:suser:cmd:::/usr/bin/pkginfo:uid=0
276Software Installation:suser:cmd:::/usr/bin/pkgmk:uid=0
277Software Installation:suser:cmd:::/usr/bin/pkgparam:uid=0
278Software Installation:suser:cmd:::/usr/bin/pkgproto:uid=0
279Software Installation:suser:cmd:::/usr/bin/pkgtrans:uid=0
280Software Installation:suser:cmd:::/usr/ccs/bin/make:euid=0
281Software Installation:suser:cmd:::/usr/sbin/install:euid=0
282Software Installation:suser:cmd:::/usr/sbin/pkgadd:uid=0;gid=bin
283Software Installation:suser:cmd:::/usr/sbin/pkgask:uid=0
284Software Installation:suser:cmd:::/usr/sbin/pkgchk:uid=0
285Software Installation:suser:cmd:::/usr/sbin/pkgrm:uid=0;gid=bin
# Profile "System Event Management": syseventadm with uid=0.
286System Event Management:suser:cmd:::/usr/sbin/syseventadm:uid=0
# Profile "User Management": account, role and group maintenance. grpck and
# pwck are suser entries with euid=0; the user*/role* commands are solaris
# entries with euid=0; the group* commands are solaris entries with uid=0.
# pwck is also granted by "User Security".
287User Management:suser:cmd:::/usr/sbin/grpck:euid=0
288User Management:suser:cmd:::/usr/sbin/pwck:euid=0
289User Management:solaris:cmd:::/usr/sbin/useradd:euid=0
290User Management:solaris:cmd:::/usr/sbin/userdel:euid=0
291User Management:solaris:cmd:::/usr/sbin/usermod:euid=0
292User Management:solaris:cmd:::/usr/sbin/roleadd:euid=0
293User Management:solaris:cmd:::/usr/sbin/roledel:euid=0
294User Management:solaris:cmd:::/usr/sbin/rolemod:euid=0
295User Management:solaris:cmd:::/usr/sbin/groupadd:uid=0
296User Management:solaris:cmd:::/usr/sbin/groupdel:uid=0
297User Management:solaris:cmd:::/usr/sbin/groupmod:uid=0
# Profile "User Security": password administration. passwd and passmgmt run
# with uid=0 (real and effective), pwck and pwconv with euid=0.
# NOTE(review): passwd with real UID 0 can presumably set any account's
# password; confirm who holds this profile.
298User Security:suser:cmd:::/usr/bin/passwd:uid=0
299User Security:solaris:cmd:::/usr/sbin/passmgmt:uid=0
300User Security:suser:cmd:::/usr/sbin/pwck:euid=0
301User Security:suser:cmd:::/usr/sbin/pwconv:euid=0
# Profile "DAT Administration": datadm with euid=0.
302DAT Administration:solaris:cmd:::/usr/sbin/datadm:euid=0
# Profile "ZFS File System Management": zfs with euid=0.
303ZFS File System Management:solaris:cmd:::/sbin/zfs:euid=0
# Profile "ZFS Storage Management": zpool and availdevs with uid=0.
304ZFS Storage Management:solaris:cmd:::/sbin/zpool:uid=0
305ZFS Storage Management:solaris:cmd:::/usr/lib/zfs/availdevs:uid=0
# Profile "Zone Management": zonecfg, zoneadm and zlogin with uid=0.
# NOTE(review): zlogin with uid=0 presumably gives a root session inside any
# zone the caller names; confirm the profile is limited to zone administrators.
306Zone Management:solaris:cmd:::/usr/sbin/zonecfg:uid=0
307Zone Management:solaris:cmd:::/usr/sbin/zoneadm:uid=0
308Zone Management:solaris:cmd:::/usr/sbin/zlogin:uid=0
309