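#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

# Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
#
# /etc/security/exec_attr
#
# execution attributes for profiles. see exec_attr(4)
#
# Each entry has seven colon-separated fields:
#
#	name:policy:type:res1:res2:id:attr
#
# name is the rights profile, policy is "suser" or "solaris", type is
# "cmd", res1 and res2 are reserved and left empty, id is the full path
# of the command (or "*"), and attr is a ';'-separated list of key=value
# pairs. A trailing backslash continues an entry on the next line.
#
# Review notes for anyone assigning or auditing these profiles:
#  - uid= / gid= set both the real and the effective ID; euid= / egid=
#    set only the effective ID, much like a setuid/setgid bit.
#  - privs= is recognized by the "solaris" policy only; per exec_attr(4)
#    the "suser" policy does not recognize privileges.
#  - Several commands appear once per policy (for example mdb, snoop,
#    chmod). Which entry takes effect presumably depends on the policy
#    in force on the system -- confirm before relying on the narrower
#    privs= form.
#  - A profile that runs a general-purpose tool with uid/euid 0 should
#    be treated as root-equivalent when deciding who may hold it.
#
#
# "All" matches every command and assigns no IDs or privileges.
All:suser:cmd:::*:
Audit Control:solaris:cmd:::/usr/sbin/audit:privs=proc_owner,sys_audit
Audit Configuration:solaris:cmd:::/usr/sbin/auditconfig:privs=sys_audit
Audit Review:solaris:cmd:::/usr/sbin/auditreduce:euid=0
Audit Review:solaris:cmd:::/usr/sbin/auditstat:privs=proc_audit
Audit Review:solaris:cmd:::/usr/sbin/praudit:privs=file_dac_read
Contract Observer:solaris:cmd:::/usr/bin/ctwatch:\
	privs=contract_event,contract_observer
Cron Management:suser:cmd:::/usr/bin/crontab:euid=0
Crypto Management:suser:cmd:::/usr/sbin/cryptoadm:euid=0
Crypto Management:suser:cmd:::/usr/bin/kmfcfg:euid=0
Crypto Management:suser:cmd:::/usr/sfw/bin/openssl:euid=0
Crypto Management:suser:cmd:::/usr/sfw/bin/CA.pl:euid=0
DHCP Management:suser:cmd:::/usr/lib/inet/dhcp/svcadm/dhcpconfig:uid=0
DHCP Management:suser:cmd:::/usr/lib/inet/dhcp/svcadm/dhtadm:uid=0
DHCP Management:suser:cmd:::/usr/lib/inet/dhcp/svcadm/pntadm:uid=0
Device Management:suser:cmd:::/usr/sbin/allocate:uid=0
Device Management:suser:cmd:::/usr/sbin/add_drv:uid=0
Device Management:suser:cmd:::/usr/sbin/deallocate:uid=0
Device Management:suser:cmd:::/usr/sbin/rem_drv:uid=0
Device Management:suser:cmd:::/usr/sbin/update_drv:uid=0
Device Security:suser:cmd:::/usr/sbin/add_drv:uid=0
Device Security:suser:cmd:::/usr/sbin/devfsadm:uid=0
Device Security:suser:cmd:::/usr/sbin/eeprom:uid=0
Device Security:solaris:cmd:::/usr/bin/kbd:uid=0;gid=sys
Device Security:suser:cmd:::/usr/sbin/list_devices:euid=0
Device Security:suser:cmd:::/usr/sbin/rem_drv:uid=0
Device Security:suser:cmd:::/usr/sbin/strace:euid=0
Device Security:suser:cmd:::/usr/sbin/update_drv:uid=0
Device Security:suser:cmd:::/usr/sbin/add_allocatable:euid=0
Device Security:suser:cmd:::/usr/sbin/remove_allocatable:euid=0
FTP Management:suser:cmd:::/usr/sbin/ftpaddhost:uid=0
FTP Management:suser:cmd:::/usr/sbin/ftpconfig:uid=0
FTP Management:suser:cmd:::/usr/sbin/ftprestart:euid=0
FTP Management:suser:cmd:::/usr/sbin/ftpshut:euid=0;egid=sys
FTP Management:suser:cmd:::/usr/sbin/privatepw:uid=0;egid=sys
File System Management:solaris:cmd:::/sbin/mount:privs=sys_mount
File System Management:solaris:cmd:::/sbin/umount:privs=sys_mount
File System Management:suser:cmd:::/usr/bin/eject:euid=0
File System Management:suser:cmd:::/usr/bin/mkdir:euid=0
File System Management:suser:cmd:::/usr/bin/rmdir:euid=0
File System Management:suser:cmd:::/usr/lib/autofs/automountd:euid=0
File System Management:suser:cmd:::/usr/lib/fs/autofs/automount:euid=0
File System Management:suser:cmd:::/usr/lib/fs/nfs/showmount:euid=0
File System Management:suser:cmd:::/usr/lib/fs/ufs/fsirand:euid=0
File System Management:suser:cmd:::/usr/lib/fs/ufs/newfs:euid=0
File System Management:suser:cmd:::/usr/lib/fs/ufs/tunefs:uid=0
File System Management:suser:cmd:::/usr/sbin/clri:euid=0
File System Management:suser:cmd:::/usr/sbin/devinfo:euid=0
File System Management:suser:cmd:::/usr/sbin/dfmounts:euid=0
File System Management:suser:cmd:::/usr/sbin/dfshares:euid=0
File System Management:suser:cmd:::/usr/sbin/ff:euid=0
File System Management:suser:cmd:::/usr/sbin/format:euid=0
File System Management:suser:cmd:::/usr/sbin/fsck:euid=0
File System Management:suser:cmd:::/usr/sbin/fsdb:euid=0
File System Management:suser:cmd:::/usr/sbin/fstyp:euid=0
File System Management:suser:cmd:::/usr/sbin/fuser:euid=0
File System Management:solaris:cmd:::/usr/sbin/iscsiadm:euid=0;privs=basic
File System Management:suser:cmd:::/usr/sbin/mkfile:euid=0
File System Management:suser:cmd:::/usr/sbin/mkfs:euid=0
File System Management:suser:cmd:::/usr/sbin/mount:uid=0
File System Management:suser:cmd:::/usr/sbin/mountall:uid=0
File System Management:solaris:cmd:::/usr/sbin/mpathadm:privs=sys_devices
File System Management:solaris:cmd:::/usr/sbin/quotacheck:uid=0;gid=sys
File System Management:solaris:cmd:::/usr/sbin/quotaoff:uid=0;gid=sys
File System Management:solaris:cmd:::/usr/sbin/quotaon:uid=0;gid=sys
File System Management:solaris:cmd:::/usr/sbin/raidctl:privs=sys_config,sys_devices;euid=0
File System Management:suser:cmd:::/usr/sbin/ramdiskadm:euid=0
File System Management:solaris:cmd:::/usr/sbin/sasinfo:privs=sys_devices
File System Management:solaris:cmd:::/usr/sbin/sbdadm:privs=sys_devices
File System Management:suser:cmd:::/usr/sbin/share:uid=0;gid=root
File System Management:suser:cmd:::/usr/sbin/sharemgr:uid=0;gid=root
File System Management:suser:cmd:::/usr/sbin/shareall:uid=0;gid=root
File System Management:solaris:cmd:::/usr/sbin/stmfadm:privs=sys_devices
File System Management:suser:cmd:::/usr/sbin/swap:euid=0
File System Management:suser:cmd:::/usr/sbin/umount:uid=0
File System Management:suser:cmd:::/usr/sbin/umountall:uid=0
File System Management:suser:cmd:::/usr/sbin/unshare:uid=0;gid=root
File System Management:suser:cmd:::/usr/sbin/unshareall:uid=0;gid=root
Forced Privilege:solaris:cmd:::/usr/bin/newtask:\
	privs=proc_taskid,sys_resource,sys_res_config,proc_priocntl
Forced Privilege:solaris:cmd:::/usr/bin/rcp:privs=net_privaddr
Forced Privilege:solaris:cmd:::/usr/bin/rdist:privs=net_privaddr
Forced Privilege:solaris:cmd:::/usr/bin/rlogin:privs=net_privaddr
Forced Privilege:solaris:cmd:::/usr/bin/rmformat:\
	privs=file_dac_read,file_dac_write,proc_fork,proc_exec,sys_mount,sys_devices
Forced Privilege:solaris:cmd:::/usr/bin/rsh:privs=net_privaddr
Forced Privilege:solaris:cmd:::/usr/bin/w:privs=proc_owner
Forced Privilege:solaris:cmd:::/usr/lib/fs/ufs/quota:privs=file_dac_read
Forced Privilege:solaris:cmd:::/usr/lib/fs/ufs/ufsdump:privs=net_privaddr
Forced Privilege:solaris:cmd:::/usr/lib/fs/ufs/ufsrestore:privs=net_privaddr
Forced Privilege:solaris:cmd:::/usr/sbin/ping:\
	privs=net_icmpaccess,sys_ip_config
Forced Privilege:solaris:cmd:::/usr/sbin/traceroute:\
	privs=net_icmpaccess,net_rawaccess
Forced Privilege:solaris:cmd:::/usr/sbin/whodo:privs=proc_owner
Forced Privilege:solaris:cmd:::/usr/lib/fs/smbfs/mount:privs=sys_mount
Forced Privilege:solaris:cmd:::/usr/lib/fs/smbfs/umount:privs=sys_mount
IP Filter Management:solaris:cmd:::/usr/sbin/ipf:privs=sys_ip_config
IP Filter Management:solaris:cmd:::/usr/sbin/ipfs:privs=sys_ip_config
IP Filter Management:solaris:cmd:::/usr/sbin/ipmon:privs=sys_ip_config
IP Filter Management:solaris:cmd:::/usr/sbin/ipfstat:privs=sys_ip_config;gid=sys
IP Filter Management:solaris:cmd:::/usr/sbin/ipnat:privs=sys_ip_config;gid=sys
IP Filter Management:solaris:cmd:::/usr/sbin/ippool:privs=sys_ip_config;gid=sys
Kerberos Server Management:solaris:cmd:::/usr/lib/krb5/krb5kdc:uid=0
Kerberos Server Management:solaris:cmd:::/usr/lib/krb5/kadmind:uid=0
Kerberos Server Management:solaris:cmd:::/usr/lib/krb5/kprop:euid=0;privs=none
Kerberos Server Management:solaris:cmd:::/usr/sbin/kadmin.local:euid=0;privs=none
Kerberos Server Management:solaris:cmd:::/usr/sbin/kdb5_util:euid=0;privs=none
Kerberos Server Management:solaris:cmd:::/usr/sbin/kdb5_ldap_util:euid=0;privs=none
Kerberos Server Management:solaris:cmd:::/usr/sbin/kdcmgr:euid=0;privs=none
Kerberos Client Management:solaris:cmd:::/usr/bin/klist:euid=0;privs=file_dac_read
Kerberos Client Management:solaris:cmd:::/usr/sbin/kadmin:euid=0;privs=none
Kerberos Client Management:solaris:cmd:::/usr/sbin/kclient:euid=0;privs=none
Log Management:suser:cmd:::/usr/sbin/logadm:euid=0
Mail Management:suser:cmd:::/usr/lib/sendmail:uid=0
Mail Management:suser:cmd:::/usr/sbin/editmap:euid=0
Mail Management:suser:cmd:::/usr/sbin/makemap:euid=0
Mail Management:suser:cmd:::/usr/sbin/newaliases:euid=0
# mdb, pcitool and ucodeadm below are granted privs=all under the
# solaris policy; holders of this profile are effectively unrestricted.
Maintenance and Repair:solaris:cmd:::/usr/bin/mdb:privs=all
Maintenance and Repair:suser:cmd:::/usr/bin/mdb:euid=0
Maintenance and Repair:solaris:cmd:::/usr/bin/coreadm:euid=0;privs=proc_owner
Maintenance and Repair:suser:cmd:::/usr/bin/date:euid=0
Maintenance and Repair:suser:cmd:::/usr/bin/ldd:euid=0
Maintenance and Repair:suser:cmd:::/usr/bin/vmstat:euid=0
Maintenance and Repair:suser:cmd:::/usr/sbin/eeprom:euid=0
Maintenance and Repair:suser:cmd:::/usr/sbin/halt:euid=0
Maintenance and Repair:suser:cmd:::/sbin/init:uid=0
Maintenance and Repair:solaris:cmd:::/usr/sbin/pcitool:privs=all
Maintenance and Repair:suser:cmd:::/usr/sbin/poweroff:uid=0
Maintenance and Repair:suser:cmd:::/usr/sbin/prtconf:euid=0
Maintenance and Repair:suser:cmd:::/usr/sbin/reboot:uid=0
Maintenance and Repair:suser:cmd:::/usr/sbin/syslogd:euid=0
Maintenance and Repair:suser:cmd:::/sbin/bootadm:euid=0
Maintenance and Repair:solaris:cmd:::/usr/sbin/ucodeadm:privs=all
Media Backup:suser:cmd:::/usr/bin/mt:euid=0
Media Backup:suser:cmd:::/usr/lib/fs/ufs/ufsdump:euid=0;gid=sys
Media Backup:suser:cmd:::/usr/sbin/tar:euid=0
Media Catalog:solaris:cmd:::/usr/bin/bart:\
	privs=file_dac_read,file_dac_search
Media Restore:suser:cmd:::/usr/bin/cpio:euid=0
Media Restore:suser:cmd:::/usr/bin/mt:euid=0
Media Restore:suser:cmd:::/usr/lib/fs/ufs/ufsrestore:euid=0
Media Restore:suser:cmd:::/usr/sbin/tar:euid=0
Name Service Management:suser:cmd:::/usr/sbin/nscd:euid=0
Name Service Security:suser:cmd:::/usr/bin/chkey:euid=0
Name Service Security:suser:cmd:::/usr/sbin/ldapclient:uid=0
Name Service Security:suser:cmd:::/usr/sbin/newkey:euid=0
Network Management:solaris:cmd:::/sbin/ifconfig:uid=0
Network Management:solaris:cmd:::/sbin/route:privs=sys_ip_config
Network Management:solaris:cmd:::/sbin/routeadm:euid=0;\
	privs=proc_chroot,proc_owner,sys_ip_config
Network Management:solaris:cmd:::/sbin/dladm:euid=dladm;egid=netadm;\
	privs=sys_dl_config,net_rawaccess,proc_audit
Network Management:solaris:cmd:::/sbin/dlstat:euid=dladm;egid=sys;
Network Management:solaris:cmd:::/sbin/flowadm:euid=dladm;egid=sys;\
	privs=sys_dl_config,net_rawaccess,proc_audit
Network Management:solaris:cmd:::/sbin/flowstat:euid=dladm;egid=sys;
Network Management:solaris:cmd:::/sbin/ipadm:euid=netadm;egid=netadm;\
	privs=sys_ip_config,net_rawaccess
Network Management:suser:cmd:::/usr/bin/netstat:uid=0
Network Management:suser:cmd:::/usr/bin/rup:euid=0
Network Management:suser:cmd:::/usr/bin/ruptime:euid=0
Network Management:suser:cmd:::/usr/bin/setuname:euid=0
Network Management:suser:cmd:::/usr/sbin/asppp2pppd:euid=0
Network Management:suser:cmd:::/usr/sbin/ifconfig:uid=0
Network Management:suser:cmd:::/usr/sbin/ipaddrsel:euid=0
Network Management:suser:cmd:::/usr/sbin/ipqosconf:euid=0
# NOTE(review): the rndc entry pairs the suser policy with privs=, which
# exec_attr(4) says suser does not recognize; this entry may grant
# nothing as written -- confirm whether "solaris" was intended.
Network Management:suser:cmd:::/usr/sbin/rndc:privs=file_dac_read
Network Management:suser:cmd:::/usr/sbin/route:uid=0
Network Management:suser:cmd:::/usr/sbin/snoop:uid=0
Network Management:solaris:cmd:::/usr/sbin/snoop:privs=net_observability
Network Management:suser:cmd:::/usr/sbin/spray:euid=0
Network Observability:solaris:cmd:::/usr/sbin/snoop:privs=net_observability
Network Link Security:solaris:cmd:::/sbin/dladm:euid=dladm;egid=sys;\
	privs=sys_dl_config,net_rawaccess,proc_audit
Network Link Security:solaris:cmd:::/sbin/dlstat:euid=dladm;egid=sys;
Network IPsec Management:solaris:cmd:::/usr/lib/inet/certdb:euid=0;privs=none
Network IPsec Management:solaris:cmd:::/usr/lib/inet/certlocal:euid=0;privs=none
Network IPsec Management:solaris:cmd:::/usr/lib/inet/certrldb:euid=0;privs=none
Network IPsec Management:solaris:cmd:::/usr/lib/inet/in.iked:euid=0
Network IPsec Management:solaris:cmd:::/usr/sbin/ikeadm:euid=0;privs=file_dac_write
Network IPsec Management:solaris:cmd:::/usr/sbin/ikecert:euid=0;privs=none
Network IPsec Management:solaris:cmd:::/usr/sbin/ipsecconf:euid=0;privs=sys_ip_config
Network IPsec Management:solaris:cmd:::/usr/sbin/ipseckey:uid=0;privs=sys_ip_config
Network IPsec Management:solaris:cmd:::/usr/sbin/ipsecalgs:privs=sys_ip_config
Network IPsec Management:suser:cmd:::/usr/lib/inet/certdb:euid=0
Network IPsec Management:suser:cmd:::/usr/lib/inet/certlocal:euid=0
Network IPsec Management:suser:cmd:::/usr/lib/inet/certrldb:euid=0
Network IPsec Management:suser:cmd:::/usr/lib/inet/in.iked:euid=0
Network IPsec Management:suser:cmd:::/usr/sbin/ikeadm:euid=0
Network IPsec Management:suser:cmd:::/usr/sbin/ikecert:euid=0
Network IPsec Management:suser:cmd:::/usr/sbin/ipsecconf:euid=0
Network IPsec Management:suser:cmd:::/usr/sbin/ipseckey:uid=0
Network IPsec Management:suser:cmd:::/usr/sbin/ipsecalgs:euid=0
Network Security:solaris:cmd:::/usr/sbin/ksslcfg:euid=0
Network Security:suser:cmd:::/usr/bin/ssh-keygen:uid=0;gid=sys
Object Access Management:solaris:cmd:::/usr/bin/chgrp:privs=file_chown
Object Access Management:solaris:cmd:::/usr/bin/chmod:privs=file_owner
Object Access Management:solaris:cmd:::/usr/bin/chown:privs=file_chown
Object Access Management:solaris:cmd:::/usr/bin/setfacl:privs=file_owner
Object Access Management:suser:cmd:::/usr/bin/chgrp:euid=0
Object Access Management:suser:cmd:::/usr/bin/chmod:euid=0
Object Access Management:suser:cmd:::/usr/bin/chown:euid=0
Object Access Management:suser:cmd:::/usr/bin/getfacl:euid=0
Object Access Management:suser:cmd:::/usr/bin/setfacl:euid=0
# Wildcard entry: every command runs with real and effective uid 0 and
# gid 0. Holding this profile is equivalent to holding root; keep the
# set of users and roles that carry it small and audited.
Primary Administrator:solaris:cmd:::*:uid=0;gid=0
Printer Management:suser:cmd:::/usr/lib/lp/local/lpadmin:uid=lp;gid=lp
Printer Management:suser:cmd:::/usr/sbin/lpfilter:euid=lp;uid=lp
Printer Management:suser:cmd:::/usr/sbin/lpforms:euid=lp
Printer Management:suser:cmd:::/usr/sbin/lpusers:euid=lp
Printer Management:suser:cmd:::/usr/sbin/ppdmgr:euid=0
Process Management:solaris:cmd:::/usr/bin/kill:privs=proc_owner
Process Management:solaris:cmd:::/usr/bin/nice:privs=proc_owner,proc_priocntl
Process Management:solaris:cmd:::/usr/bin/pcred:privs=proc_owner
Process Management:solaris:cmd:::/usr/bin/pfiles:privs=proc_owner
Process Management:solaris:cmd:::/usr/bin/pflags:privs=proc_owner
Process Management:solaris:cmd:::/usr/bin/ppriv:privs=proc_owner
Process Management:solaris:cmd:::/usr/bin/renice:privs=proc_owner,proc_priocntl
Process Management:suser:cmd:::/usr/bin/crontab:euid=0
Process Management:suser:cmd:::/usr/bin/kill:euid=0
Process Management:suser:cmd:::/usr/bin/nice:euid=0
Process Management:suser:cmd:::/usr/bin/pcred:euid=0
Process Management:suser:cmd:::/usr/bin/pfiles:euid=0
Process Management:suser:cmd:::/usr/bin/pflags:euid=0
Process Management:suser:cmd:::/usr/bin/pldd:euid=0
Process Management:suser:cmd:::/usr/bin/pmap:euid=0
Process Management:suser:cmd:::/usr/bin/prun:euid=0
Process Management:suser:cmd:::/usr/bin/ps:euid=0
Process Management:suser:cmd:::/usr/bin/psig:euid=0
Process Management:suser:cmd:::/usr/bin/pstack:euid=0
Process Management:suser:cmd:::/usr/bin/pstop:euid=0
Process Management:suser:cmd:::/usr/bin/ptime:euid=0
Process Management:suser:cmd:::/usr/bin/ptree:euid=0
Process Management:suser:cmd:::/usr/bin/pwait:euid=0
Process Management:suser:cmd:::/usr/bin/pwdx:euid=0
Process Management:suser:cmd:::/usr/bin/renice:euid=0
Process Management:suser:cmd:::/usr/bin/truss:euid=0
Process Management:suser:cmd:::/usr/sbin/fuser:euid=0
Process Management:solaris:cmd:::/usr/sbin/rcapadm:uid=0
Project Management:solaris:cmd:::/usr/sbin/projadd:euid=0
Project Management:solaris:cmd:::/usr/sbin/projmod:euid=0
Project Management:solaris:cmd:::/usr/sbin/projdel:euid=0
# NOTE(review): ln, make and install are general-purpose tools and run
# with euid 0 here; treat this profile as root-equivalent when deciding
# who may hold it.
Software Installation:suser:cmd:::/usr/bin/ln:euid=0
Software Installation:suser:cmd:::/usr/bin/pkginfo:uid=0
Software Installation:suser:cmd:::/usr/bin/pkgmk:uid=0
Software Installation:suser:cmd:::/usr/bin/pkgparam:uid=0
Software Installation:suser:cmd:::/usr/bin/pkgproto:uid=0
Software Installation:suser:cmd:::/usr/bin/pkgtrans:uid=0
Software Installation:suser:cmd:::/usr/ccs/bin/make:euid=0
Software Installation:suser:cmd:::/usr/sbin/install:euid=0
Software Installation:suser:cmd:::/usr/sbin/pkgadd:uid=0;gid=bin
Software Installation:suser:cmd:::/usr/sbin/pkgask:uid=0
Software Installation:suser:cmd:::/usr/sbin/pkgchk:uid=0
Software Installation:suser:cmd:::/usr/sbin/pkgrm:uid=0;gid=bin
System Event Management:suser:cmd:::/usr/sbin/syseventadm:uid=0
User Management:suser:cmd:::/usr/sbin/grpck:euid=0
User Management:suser:cmd:::/usr/sbin/pwck:euid=0
User Management:solaris:cmd:::/usr/sbin/useradd:uid=0
User Management:solaris:cmd:::/usr/sbin/userdel:uid=0
User Management:solaris:cmd:::/usr/sbin/usermod:uid=0
User Management:solaris:cmd:::/usr/sbin/roleadd:uid=0
User Management:solaris:cmd:::/usr/sbin/roledel:uid=0
User Management:solaris:cmd:::/usr/sbin/rolemod:uid=0
User Management:solaris:cmd:::/usr/sbin/groupadd:uid=0
User Management:solaris:cmd:::/usr/sbin/groupdel:uid=0
User Management:solaris:cmd:::/usr/sbin/groupmod:uid=0
User Security:suser:cmd:::/usr/bin/passwd:uid=0
User Security:suser:cmd:::/usr/sbin/pwck:euid=0
User Security:suser:cmd:::/usr/sbin/pwconv:euid=0
DAT Administration:solaris:cmd:::/usr/sbin/datadm:euid=0
ZFS File System Management:solaris:cmd:::/sbin/zfs:euid=0
ZFS Storage Management:solaris:cmd:::/sbin/zpool:uid=0
ZFS Storage Management:solaris:cmd:::/usr/lib/zfs/availdevs:uid=0
Zone Security:solaris:cmd:::/usr/sbin/txzonemgr:uid=0
Zone Security:solaris:cmd:::/usr/sbin/zonecfg:uid=0
Zone Management:solaris:cmd:::/usr/sbin/zoneadm:euid=0
Zone Management:solaris:cmd:::/usr/sbin/zlogin:euid=0
acctadm:solaris:cmd:::/usr/sbin/acctadm:euid=0;egid=0;privs=sys_acct,file_dac_write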