1# 2# CDDL HEADER START 3# 4# The contents of this file are subject to the terms of the 5# Common Development and Distribution License (the "License"). 6# You may not use this file except in compliance with the License. 7# 8# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9# or http://www.opensolaris.org/os/licensing. 10# See the License for the specific language governing permissions 11# and limitations under the License. 12# 13# When distributing Covered Code, include this CDDL HEADER in each 14# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15# If applicable, add the following below this CDDL HEADER, with the 16# fields enclosed by brackets "[]" replaced with your own identifying 17# information: Portions Copyright [yyyy] [name of copyright owner] 18# 19# CDDL HEADER END 20# 21 22# 23# Copyright 2007 Sun Microsystems, Inc. All rights reserved. 24# Use is subject to license terms. 25# 26# ident "%Z%%M% %I% %E% SMI" 27# 28 29# 30# /etc/security/prof_attr 31# 32# profiles attributes. see prof_attr(4) 33# 34All:::Execute any command as the user or role:help=RtAll.html 35Audit Control:::Configure BSM auditing:auths=solaris.audit.config,solaris.jobs.admin;help=RtAuditCtrl.html 36Audit Review:::Review BSM auditing logs:auths=solaris.audit.read;help=RtAuditReview.html 37Contract Observer:::Reliably observe any/all contract events:help=RtContractObserver.html 38Device Management:::Control Access to Removable Media:auths=solaris.device.*;help=RtDeviceMngmnt.html 39Printer Management:::Manage printers, daemons, spooling:auths=solaris.print.*,solaris.label.print;help=RtPrntAdmin.html 40Cron Management:::Manage at and cron jobs:auths=solaris.jobs.*,solaris.smf.manage.cron;help=RtCronMngmnt.html 41Log Management:::Manage log files:help=RtLogMngmnt.html 42Basic Solaris User:::Automatically assigned rights:auths=solaris.profmgr.read,solaris.jobs.user,solaris.mail.mailq,solaris.device.mount.removable;profiles=All;help=RtDefault.html 43Device Security:::Manage devices and Volume Manager:auths=solaris.device.*;help=RtDeviceSecurity.html 44DHCP Management:::Manage the DHCP service:auths=solaris.dhcpmgr.*;help=RtDHCPMngmnt.html 45File System Management:::Manage, mount, share file systems:auths=solaris.smf.manage.autofs,solaris.smf.manage.shares.*,solaris.smf.value.shares.*;help=RtFileSysMngmnt.html 46File System Security:::Manage file system security attributes:help=RtFileSysSecurity.html 47HAL Management:::Manage HAL SMF service:auths=solaris.smf.manage.hal;help=RtHALMngmnt.html 48Mail Management:::Manage sendmail & queues:auths=solaris.smf.manage.sendmail;help=RtMailMngmnt.html 49Maintenance and Repair:::Maintain and repair a system:auths=solaris.smf.manage.system-log,solaris.label.range;help=RtMaintAndRepair.html 50Media Backup:::Backup files and file systems:help=RtMediaBkup.html 51Media Restore:::Restore files and file systems from backups:help=RtMediaRestore.html 52Network Management:::Manage the host and network configuration:auths=solaris.smf.manage.name-service-cache,solaris.smf.manage.bind,solaris.smf.value.routing,solaris.smf.manage.routing,solaris.smf.value.nwam,solaris.smf.manage.nwam,solaris.smf.manage.tnd,solaris.smf.manage.tnctl,solaris.smf.manage.wpa;profiles=Network Wifi Management;help=RtNetMngmnt.html 53Network Security:::Manage network and host security:auths=solaris.smf.manage.ssh,solaris.smf.value.tnd;profiles=Network Wifi Security,Network Link Security,Network IPsec Management;help=RtNetSecure.html 54Network Wifi Management:::Manage wifi network configuration:auths=solaris.network.wifi.config;help=RtNetWifiMngmnt.html 55Network Wifi Security:::Manage wifi network security:auths=solaris.network.wifi.wep;help=RtNetWifiSecure.html 56Network Link Security:::Manage network link security:auths=solaris.network.link.security;help=RtNetLinkSecure.html 57Network IPsec Management:::Manage IPsec and IKE:auths=solaris.smf.manage.ipsec,solaris.smf.value.ipsec;help=RtNetIPsec.html 58Name Service Management:::Non-security name service scripts/commands:help=RtNameServiceAdmin.html 59Name Service Security:::Security related name service scripts/commands:help=RtNameServiceSecure.html 60Idmap Service Management:::Manage Identity Mapping Service:auths=solaris.smf.manage.idmap,solaris.smf.value.idmap;help=RtIdmapMngmnt.html 61Idmap Name Mapping Management:::Manage Name-based Mapping Rules of Identity Mapping Service:auths=solaris.admin.idmap.rules;help=RtIdmapNameRulesMngmnt.html 62Object Access Management:::Change ownership and permission on files:help=RtObAccessMngmnt.html 63Process Management:::Manage current processes and processors:auths=solaris.smf.manage.cron,solaris.smf.manage.power;help=RtProcManagement.html 64Rights Delegation:::Delegate ability to assign rights to users and roles:auths=solaris.role.delegate,solaris.profmgr.delegate,solaris.grant;help=RtRightsDelegate.html 65Rmvolmgr Management:::Manage Removable Volume Manager SMF service:auths=solaris.smf.manage.rmvolmgr;help=RtRmvolmgrMngmnt.html 66Service Management:::Manage services:auths=solaris.smf.manage,solaris.smf.modify 67Service Operator:::Administer services:auths=solaris.smf.manage,solaris.smf.modify.framework 68Software Installation:::Add application software to the system:help=RtSoftwareInstall.html 69System Event Management:::Manage system events and system event channels:help=RtSysEvMngmnt.html 70User Management:::Manage users, groups, home directory:auths=solaris.profmgr.read;help=RtUserMngmnt.html 71User Security:::Manage passwords, clearances:auths=solaris.role.*,solaris.profmgr.*,solaris.label.range;help=RtUserSecurity.html 72FTP Management:::Manage the FTP server:help=RtFTPMngmnt.html 73Crypto Management:::Cryptographic Framework Administration:help=RtCryptoMngmnt.html 74Kerberos Client Management:::Maintain and Administer Kerberos excluding the servers:help=RtKerberosClntMngmnt.html 75Kerberos Server Management:::Maintain and Administer Kerberos Servers:profiles=Kerberos Client Management;help=RtKerberosSrvrMngmnt.html 76DAT Administration:::Manage the DAT configuration:help=RtDatAdmin.html 77ZFS File System Management:::Create and Manage ZFS File Systems:help=RtZFSFileSysMngmnt.html 78ZFS Storage Management:::Create and Manage ZFS Storage Pools:help=RtZFSStorageMngmnt.html 79Zone Management:::Zones Virtual Application Environment Administration:help=RtZoneMngmnt.html 80IP Filter Management:::IP Filter Administration:help=RtIPFilterMngmnt.html 81Project Management:::Add/Modify/Remove projects:help=RtProjManagement.html 82# 83# Trusted Extensions profiles: 84# 85Information Security:::Maintains MAC and DAC security policies:profiles=Device Security,File System Security,Name Service Security,Network Security,Object Access Management,Object Label Management;help=RtInfoSec.html 86Object Label Management:::Change labels on files.:auths=solaris.device.allocate,solaris.label.file.downgrade,solaris.label.win.downgrade,solaris.label.win.upgrade,solaris.label.file.upgrade,solaris.label.range,solaris.smf.manage.labels;help=RtObjectLabelMngmnt.html 87Outside Accred:::Allow a user to operate outside the user accreditation range.:auths=solaris.label.range;help=RtOutsideAccred.html 88