#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#

#
# /etc/security/prof_attr
#
# profiles attributes. see prof_attr(4)
#
All:::Execute any command as the user or role:help=RtAll.html
Audit Control:::Configure Solaris Auditing:auths=solaris.audit.config,solaris.jobs.admin;help=RtAuditCtrl.html
Audit Review:::Review Solaris Auditing logs:auths=solaris.audit.read;help=RtAuditReview.html
Console User:::Manage System as the Console User:profiles=Suspend To RAM,Suspend To Disk,Brightness,CPU Power Management,Network Autoconf;auths=solaris.system.shutdown;help=RtConsUser.html
Contract Observer:::Reliably observe any/all contract events:help=RtContractObserver.html
Device Management:::Control Access to Removable Media:auths=solaris.device.*;help=RtDeviceMngmnt.html
Printer Management:::Manage printers, daemons, spooling:auths=solaris.print.*,solaris.label.print,solaris.smf.manage.discovery.printers.*,solaris.smf.value.discovery.printers.*;help=RtPrntAdmin.html
Cron Management:::Manage at and cron jobs:auths=solaris.jobs.*,solaris.smf.manage.cron;help=RtCronMngmnt.html
Log Management:::Manage log files:help=RtLogMngmnt.html
Basic Solaris User:::Automatically assigned rights:auths=solaris.profmgr.read,solaris.mail.mailq,solaris.device.mount.removable,solaris.admin.wusb.read;profiles=All;help=RtDefault.html
Device Security:::Manage devices and Volume Manager:auths=solaris.device.*,solaris.smf.manage.vt;help=RtDeviceSecurity.html
DHCP Management:::Manage the DHCP service:auths=solaris.dhcpmgr.*;help=RtDHCPMngmnt.html
Extended Accounting Flow Management:::Manage the Flow Extended Accounting service:auths=solaris.smf.manage.extended-accounting.flow,solaris.smf.value.extended-accounting.flow;profiles=acctadm;help=RtExActtFlow.html
Extended Accounting Process Management:::Manage the Process Extended Accounting service:auths=solaris.smf.manage.extended-accounting.process,solaris.smf.value.extended-accounting.process;profiles=acctadm;help=RtExAcctProcess.html
Extended Accounting Task Management:::Manage the Task Extended Accounting service:auths=solaris.smf.manage.extended-accounting.task,solaris.smf.value.extended-accounting.task;profiles=acctadm;help=RtExAcctTask.html
Extended Accounting Net Management:::Manage the Net Extended Accounting service:auths=solaris.smf.manage.extended-accounting.net,solaris.smf.value.extended-accounting.net;profiles=acctadm;help=RtExActtNet.html
File System Management:::Manage, mount, share file systems:profiles=SMB Management,VSCAN Management,SMBFS Management;auths=solaris.smf.manage.autofs,solaris.smf.manage.shares.*,solaris.smf.value.shares.*;help=RtFileSysMngmnt.html
File System Security:::Manage file system security attributes:help=RtFileSysSecurity.html
HAL Management:::Manage HAL SMF service:auths=solaris.smf.manage.hal;help=RtHALMngmnt.html
Idmap Name Mapping Management:::Manage Name-based Mapping Rules of Identity Mapping Service:auths=solaris.admin.idmap.rules;help=RtIdmapNameRulesMngmnt.html
Idmap Service Management:::Manage Identity Mapping Service:auths=solaris.smf.manage.idmap,solaris.smf.value.idmap;help=RtIdmapMngmnt.html
Inetd Management:::Manage inetd configuration parameters:auths=solaris.smf.manage.inetd,solaris.smf.value.inetd;help=RtInetdMngmnt.html
Mail Management:::Manage sendmail & queues:auths=solaris.smf.manage.sendmail;help=RtMailMngmnt.html
Maintenance and Repair:::Maintain and repair a system:auths=solaris.smf.manage.system-log,solaris.label.range,solaris.smf.manage.coreadm,solaris.smf.value.coreadm;help=RtMaintAndRepair.html
Media Backup:::Backup files and file systems:profiles=NDMP Management;help=RtMediaBkup.html
Media Catalog:::Catalog files and file systems:help=RtMediaCtlg.html
Media Restore:::Restore files and file systems from backups:profiles=NDMP Management;help=RtMediaRestore.html
MMS Administrator:::MMS Media Manager Administrator:auths=solaris.smf.manage.mms,solaris.smf.value.mms,solaris.mms.*;help=RtMMSAdmin.html
MMS Operator:::MMS Media Manager Operator:auths=solaris.smf.manage.mms,solaris.mms.media.*,solaris.mms.request.*,solaris.mms.device.state.*,solaris.mms.device.log.*;help=RtMMSOper.html
MMS User:::MMS Tape User:auths=solaris.mms.io.*;help=RtMMSUser.html
NDMP Management:::Manage the NDMP service:auths=solaris.smf.manage.ndmp,solaris.smf.value.ndmp,solaris.smf.read.ndmp;help=RtNdmpMngmnt.html
Network Autoconf:::Manage network auto-magic configuration via nwamd:auths=solaris.network.autoconf;help=RtNetAutoconf.html
Network Management:::Manage the host and network configuration:auths=solaris.smf.manage.name-service-cache,solaris.smf.manage.bind,solaris.smf.value.routing,solaris.smf.manage.routing,solaris.smf.value.nwam,solaris.smf.manage.nwam,solaris.smf.manage.tnd,solaris.smf.manage.tnctl,solaris.smf.manage.wpa,solaris.smf.value.mdns,solaris.smf.manage.mdns;profiles=Network Wifi Management,Inetd Management,Network Autoconf,Network Observability;help=RtNetMngmnt.html
Network Observability:::Allow access to observability devices:privs=net_observability;help=RtNetObservability.html
Network Security:::Manage network and host security:auths=solaris.smf.manage.ssh,solaris.smf.value.tnd;profiles=Network Wifi Security,Network Link Security,Network IPsec Management;help=RtNetSecure.html
Network Wifi Management:::Manage wifi network configuration:auths=solaris.network.wifi.config;help=RtNetWifiMngmnt.html
Network Wifi Security:::Manage wifi network security:auths=solaris.network.wifi.wep;help=RtNetWifiSecure.html
Network Link Security:::Manage network link security:auths=solaris.network.link.security;help=RtNetLinkSecure.html
Network IPsec Management:::Manage IPsec and IKE:auths=solaris.smf.manage.ipsec,solaris.smf.value.ipsec;help=RtNetIPsec.html
Name Service Management:::Non-security name service scripts/commands:help=RtNameServiceAdmin.html
Name Service Security:::Security related name service scripts/commands:help=RtNameServiceSecure.html
Object Access Management:::Change ownership and permission on files:help=RtObAccessMngmnt.html
Process Management:::Manage current processes and processors:auths=solaris.smf.manage.cron,solaris.smf.manage.power;help=RtProcManagement.html
Rights Delegation:::Delegate ability to assign rights to users and roles:auths=solaris.role.delegate,solaris.profmgr.delegate,solaris.grant;help=RtRightsDelegate.html
Rmvolmgr Management:::Manage Removable Volume Manager SMF service:auths=solaris.smf.manage.rmvolmgr;help=RtRmvolmgrMngmnt.html
Service Management:::Manage services:auths=solaris.smf.manage,solaris.smf.modify
Service Operator:::Administer services:auths=solaris.smf.manage,solaris.smf.modify.framework
Software Installation:::Add application software to the system:help=RtSoftwareInstall.html
System Event Management:::Manage system events and system event channels:help=RtSysEvMngmnt.html
User Management:::Manage users, groups, home directory:auths=solaris.profmgr.read;help=RtUserMngmnt.html
User Security:::Manage passwords, clearances:auths=solaris.role.*,solaris.profmgr.*,solaris.label.range;help=RtUserSecurity.html
FTP Management:::Manage the FTP server:help=RtFTPMngmnt.html
Crypto Management:::Cryptographic Framework Administration:help=RtCryptoMngmnt.html
Kerberos Client Management:::Maintain and Administer Kerberos excluding the servers:help=RtKerberosClntMngmnt.html
Kerberos Server Management:::Maintain and Administer Kerberos Servers:profiles=Kerberos Client Management;help=RtKerberosSrvrMngmnt.html
DAT Administration:::Manage the DAT configuration:help=RtDatAdmin.html
SMB Management:::Manage the SMB service:auths=solaris.smf.manage.smb,solaris.smf.value.smb,solaris.smf.read.smb;help=RtSMBMngmnt.html
SMBFS Management:::Manage the SMB client:auths=solaris.smf.manage.smbfs,solaris.smf.value,solaris.smf.modify.application;help=RtSMBFSMngmnt.html
STMF Administration:::Configure STMF service:auths=solaris.smf.modify.application
STMF Management:::Start/Stop STMF service:auths=solaris.smf.manage.stmf
ZFS File System Management:::Create and Manage ZFS File Systems:help=RtZFSFileSysMngmnt.html
ZFS Storage Management:::Create and Manage ZFS Storage Pools:help=RtZFSStorageMngmnt.html
Zone Management:::Zones Virtual Application Environment Administration:help=RtZoneMngmnt.html
IP Filter Management:::IP Filter Administration:help=RtIPFilterMngmnt.html
Project Management:::Add/Modify/Remove projects:help=RtProjManagement.html
VSCAN Management:::Manage the VSCAN service:auths=solaris.smf.manage.vscan,solaris.smf.value.vscan,solaris.smf.modify.application;help=RtVscanMngmnt.html
WUSB Management:::Manage Wireless USB:auths=solaris.admin.wusb.*,solaris.smf.manage.wusb;help=WUSBmgmt.html
#
# Trusted Extensions profiles:
#
Information Security:::Maintains MAC and DAC security policies:profiles=Device Security,File System Security,Name Service Security,Network Security,Object Access Management,Object Label Management;help=RtInfoSec.html
Object Label Management:::Change labels on files.:auths=solaris.device.allocate,solaris.label.file.downgrade,solaris.label.win.downgrade,solaris.label.win.upgrade,solaris.label.file.upgrade,solaris.label.range,solaris.smf.manage.labels;help=RtObjectLabelMngmnt.html
Outside Accred:::Allow a user to operate outside the user accreditation range.:auths=solaris.label.range;help=RtOutsideAccred.html
ISCSI Target Administration:::Configure ISCSI Target service:auths=solaris.smf.modify.iscsitgt,solaris.smf.read.iscsitgt,solaris.smf.value.iscsitgt
ISCSI Target Management:::Start/Stop ISCSI Target service:auths=solaris.smf.manage.iscsitgt
#
# Power Management profiles:
#
System Power:::For authorized users to manage system power:auths=solaris.system.power.*;help=RtSysPowerMgmt.html
Suspend:::For authorized users to Suspend system:auths=solaris.system.power.suspend.*;help=RtSysPowerMgmtSuspend.html
Suspend To Disk:::For authorized users to Suspend to Disk:auths=solaris.system.power.suspend.disk;help=RtSysPowerMgmtSuspendToDisk.html
Suspend To RAM:::For authorized users to Suspend to RAM:auths=solaris.system.power.suspend.ram;help=RtSysPowerMgmtSuspendToRAM.html
Brightness:::For authorized users to Control LCD Brightness:auths=solaris.system.power.brightness;help=RtSysPowerMgmtBrightness.html
CPU Power Management:::For authorized users to manage CPU Power:auths=solaris.system.power.cpu;help=RtCPUPowerManagement.html
acctadm:::Do not assign to users. Commands required for Extended Accounting Management profiles:help=RtAcctadm.help
ISNS Server Management:::Manage ISNS server:auths=solaris.smf.manage.isns,solaris.smf.value.isns,solaris.isnsmgr.write;help=RtISNSMngmnt.html