profiles(1) man page - 윈디하나의 솔라나라

profiles(1)                      User Commands                     profiles(1)



NAME
       profiles - list and manage rights profiles

SYNOPSIS
       profiles [-lx] [-c command] [user ...] [-S repository]


       profiles [-la] [-S repository]


       profiles -p profile [-S repository] [subcommand]


       profiles -p profile [-S repository] -f command_file


       profiles help

DESCRIPTION
       The profiles utility creates and modifies the configuration of a rights
       profile in the prof_attr(5) or  exec_attr(5)  databases  in  the  local
       files name service or LDAP name service. A rights profile configuration
       consists of a profile name and a number of properties.


       The following synopsis of the profiles subcommand  is  for  interactive
       usage:

         profiles -p profile [-S repository] [subcommand]



       The  profiles command prints on standard output the names of the rights
       profiles that have been assigned to you or to the  optionally-specified
       user  or role name. Profiles are a bundling mechanism used to enumerate
       the commands and authorizations needed to perform a specific  function.
       Along  with  each listed executable are the process attributes, such as
       the effective user and group IDs, with  which  the  process  runs  when
       started  by  a  privileged  command  interpreter. See the pfexec(1) man
       page. Profiles can contain other profiles defined in prof_attr(5).


       Multiple profiles can be combined to construct the  appropriate  access
       control.  When  profiles  are assigned, the authorizations are added to
       the existing set. If the same command appears in multiple profiles, the
       first occurrence, as determined by the ordering of the profiles, is used
       for process-attribute settings. For  convenience,  a  wildcard  can  be
       specified to match all commands.


       The  special  profile  "Stop" shortcuts the evaluations of further pro‐
       files. Profiles seen after the "Stop" profile are not evaluated nor are
       they  used  to  find  additional  commands. This profile can be used to
       sidestep  profiles  listed  in   /etc/security/policy.conf   with   the
       PROF_GRANTED  key  and  the  authorizations listed with AUTH_GRANTED in
       that file.


       When  profiles  are  interpreted,  the  profile  list  is  loaded  from
       user_attr(5). For each user, there are two sets of profiles, an authen‐
       ticated set, and an unauthenticated set. The user is required to  reau‐
       thenticate prior to executing commands matching an entry in the authen‐
       ticated profiles set.  See  pfexec(1).  If  any  default  profiles  are
       defined  in /etc/security/policy.conf (see policy.conf(5)), the list of
       default profiles is added to the list loaded from user_attr(5).  Match‐
       ing entries in prof_attr(5) provide the authorizations list, and match‐
       ing entries in exec_attr(5) provide the commands list.
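The evaluation order described above (ordered profile list from user_attr(5) plus the PROF_GRANTED defaults, first matching command wins, "*" matches all commands, "Stop" ends evaluation) can be modelled over small constructed databases. This is an added example, not code from the man page or from Oracle Solaris; it assumes the colon-separated prof_attr(5), exec_attr(5) and user_attr(5) layouts and expands sub-profiles depth-first in place, which is an assumption the page does not spell out:

```python
"""Resolve which exec_attr entry applies when a user runs a command,
following the profile ordering rules of profiles(1). Added example;
the databases below are constructed samples, not real system files."""

USER_ATTR = """\
john::::profiles=Audit Management,Stop,All
mary::::profiles=Device Management
"""
PROF_GRANTED = "All"  # PROF_GRANTED= value from /etc/security/policy.conf
PROF_ATTR = """\
Audit Management:::Manage auditing:auths=solaris.audit.*;profiles=Audit Review
Audit Review:::Review audit data:
Device Management:::Manage devices:
All:::Execute any command as the user:
Stop:::Stop profile evaluation:
"""
EXEC_ATTR = """\
Audit Management:solaris:cmd:::/usr/sbin/audit:euid=0
Audit Management:solaris:cmd:::/usr/sbin/auditconfig:euid=0;egid=3
Audit Review:solaris:cmd:::/usr/sbin/auditreduce:euid=0
Device Management:solaris:cmd:::/usr/bin/allocate:euid=0
All:solaris:cmd:::*:
"""


def parse_attr(attr):
    """Split the trailing attr field ('k=v;k=v') into a dict."""
    pairs = (p.partition("=") for p in attr.split(";") if p)
    return {k.strip(): v.strip() for k, _, v in pairs}


def names(csv):
    """Split a comma-separated list of profile names."""
    return [n.strip() for n in csv.split(",") if n.strip()]


def ordered_profiles(user):
    """Profiles from user_attr, then the PROF_GRANTED defaults, each expanded
    depth-first through its 'profiles=' sub-profiles (expansion order is an
    assumption). 'Stop' ends the list: nothing after it is evaluated."""
    subs = {}
    for line in PROF_ATTR.splitlines():
        name, _, _, _, attr = line.split(":", 4)
        subs[name] = names(parse_attr(attr).get("profiles", ""))
    assigned = []
    for line in USER_ATTR.splitlines():
        name, _, _, _, attr = line.split(":", 4)
        if name == user:
            assigned = names(parse_attr(attr).get("profiles", ""))
    assigned += names(PROF_GRANTED)

    order = []

    def walk(name):
        if name in order or "Stop" in order:
            return
        order.append(name)
        for sub in subs.get(name, []):
            walk(sub)

    for name in assigned:
        walk(name)
    return order


def resolve(user, command):
    """Return (profile, id, attrs) for the first exec_attr entry, in profile
    order, whose id is the command, 'dir/*' for its directory, or bare '*'."""
    entries = []
    for line in EXEC_ATTR.splitlines():
        name, _policy, kind, _, _, cmd_id, attr = line.split(":", 6)
        if kind == "cmd":
            entries.append((name, cmd_id, parse_attr(attr)))
    directory = command.rsplit("/", 1)[0]
    for profile in ordered_profiles(user):
        for name, cmd_id, attrs in entries:
            if name == profile and cmd_id in (command, "*", directory + "/*"):
                return profile, cmd_id, attrs
    return None  # no assigned profile grants the command
```

With these samples, john's "Stop" entry hides the "All" default, so resolve("john", "/usr/bin/ls") returns None while mary, who has no "Stop", reaches the "All" wildcard.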

   Properties
       When invoked with the -p option, the properties of the  specified  pro‐
       file,  as well as the properties of its associated executable files can
       be managed. However, to maintain system integrity, those profiles  that
       are  maintained  by Oracle Solaris can not be modified by this command.
       Such profiles can only be modified via the pkg command during a  system
       update.


       Optionally,  other profiles can also be delivered by the pkg command as
       not modifiable.


       To prevent privilege escalation, the  property  values  are  restricted
       based  on  the  user's  authorizations.  At a minimum, an administrator
       needs to be granted the Rights  Management  profile.  Additionally,  to
       modify  security-related  properties  controlled by delegate authoriza‐
       tions, an administrator must be granted the Rights Delegation  profile.
       See exec_attr(5), prof_attr(5), and the following summary for details.


       Property values can be simple strings, or comma-separated lists of sim‐
       ple strings. Simple strings  containing  white  space  must  be  double
       quoted.


       The profiles command operates in both profile and command contexts. The
       profile context is the initial state,  in  which  the  various  profile
       properties  can  be managed. The following table summarizes the proper‐
       ties in the profile context:

         Property Name   Value Type         Required Authorizations

         name            simple             none
         annotation      simple             solaris.account.setpolicy
         auths           list of simple     solaris.auth.{assign/delegate}
         profiles        list of simple     solaris.profile.{assign/delegate}
         privs           list of simple     solaris.privilege.{assign/delegate}
         limitpriv       list of simple     solaris.privilege.{assign/delegate}
         defaultpriv     list of simple     solaris.privilege.{assign/delegate}
         always_audit    list of simple     solaris.audit.assign
         never_audit     list of simple     solaris.audit.assign
         access_times    list of simple     solaris.account.setpolicy
         desc            simple             none
         help            simple             none
         pam_policy      simple             solaris.account.setpolicy
         cmd             simple/new context none



       The command context is entered by specifying the cmd property. While in
       the  command context, the properties of the current command can be man‐
       aged.


       The following table summarizes the properties in the command context:

         Property Name   Value Type         Required Authorizations

         id              simple             none
         privs           list of simple     solaris.privilege.{assign/delegate}
         limitprivs      list of simple     solaris.privilege.{assign/delegate}
         euid            simple             solaris.profile.cmd.setuid
         uid             simple             solaris.profile.cmd.setuid
         egid            simple             solaris.group.{assign/delegate}
         gid             simple             solaris.group.{assign/delegate}
         clearance       simple             solaris.label.delegate



       The values that can be specified in the profile context properties  are
       described  in the following list. An equal sign (=) is required between
       the property and its values as specified in the following list.

       always_audit

           The audit flags specifying event classes to always audit. Only  the
           first   occurrence   of   this   property,  either  in  the  user's
           user_attr(5) entry, or in the ordered list of assigned profiles  is
           applied at login and su.


       annotation

           Specifies whether a user is prompted for an audit record annotation
           description.  yes  requires  the  user  to  provide  an  annotation
           description  when  prompted. optional allows the user to specify an
           annotation description when prompted. no will not prompt  the  user
           for an annotation description, and is the default choice.

           An audit record annotation description is a text line terminated by
           a newline returned by the application's PAM conversation  function.
           The  annotation  text is included in each audit record generated by
           the user.


       auths

           One or more comma-separated authorizations to be added to  the  new
           profile.  If the wildcard character (*) is used in an authorization
           name, the name must be enclosed in double quotes (").


       cmd

           The fully qualified path to an executable file or the asterisk  (*)
           symbol,  which  is  used  to specify all commands. An asterisk that
           replaces the filename component in a pathname indicates  all  files
           in a particular directory.

           This  is  a special property that is used to enter the command con‐
           text to manage the security properties of a command.

           Either numeric IDs or names can be used for these IDs.

           id

               This property is initially set to the value that was  specified
               by the previous cmd property, but can be modified. When used in
               conjunction with the select subcommand, the  properties  of  an
               existing command can be cloned for subsequent editing.


           pam_policy

               The PAM policy to apply to a user. pam_policy must be either an
               absolute pathname to a pam.conf(5)-formatted file or  the  name
               of   a   pam.conf(5)-formatted   file   located  in  /etc/secu‐
               rity/pam_policy. See pam_user_policy(7) for more information.


           access_times

               One or more comma-separated rules that  specify  the  days  and
               times  that  the corresponding set of applications and services
               can be accessed.

               When checking the times for a specific service name, the evalu‐
               ation  begins with the rules specified through the access_times
               in the user's  user_attr(5)  database,  and  then  follows  the
               access_times  in  the  user's  profiles and subprofiles until a
               matching service name or a wildcard entry is found. If no match
               is  found,  the  user is exempt from time restrictions for that
               service. See user_attr(5) for more information.


           privs

               The set of privileges to be applied to the inheritable  set  of
               the executable process. The default is basic.


           limitprivs

               The  set  of  privileges  to be applied to the limit set of the
               executable process. The default is all.


           euid

               The effective user ID of the process  that  executes  with  the
               command.


           uid

               The real user ID of the process that executes with the command.


           egid

               The  effective  group  ID of the process that executes with the
               command.


           gid

               The real group ID of the process that executes  with  the  com‐
               mand.


           clearance

               The clearance of the process that executes with the command.



       defaultpriv

           The  default  set  of  privileges  assigned to a user's set of pro‐
           cesses. Only the first occurrence of this property, either  in  the
           user's  user_attr(5) entry, or in the ordered list of assigned pro‐
           files is applied at login and su.


       desc

           The description of the new profile. The text must  be  enclosed  in
           quotation marks.


       help

           The  help file name for the new profile. The help file is copied to
           the /usr/lib/help/profiles/locale/locale directory, where locale is
           the value of the user's locale, or C if none is specified. Specify‐
           ing this property is only applicable in the files repository.


       limitpriv

           The maximum set of privileges a user or any process started by  the
           user,  whether  through  su(8) or any other means, can obtain. Only
           the first  occurrence  of  this  property,  either  in  the  user's
           user_attr(5)  entry, or in the ordered list of assigned profiles is
           applied at login and su.


       name

           The name of the profile. The initial value for the name  is  speci‐
           fied  using  -p option on the command line. If the name is changed,
           the current profile properties are applied to the newly named  pro‐
           file.  In this way an existing profile can be cloned for subsequent
           editing. The name must not match an existing profile.


       never_audit

           The audit flags specifying event classes to never audit.  Only  the
           first   occurrence   of   this   property,  either  in  the  user's
           user_attr(5) entry, or in the ordered list of assigned profiles  is
           applied at login and su.


       privs

           The  set  of privileges that can be specified using the -P option of
           the pfexec(1) command.


       profiles

           One or more comma-separated supplementary profiles to be  added  to
           the new profile.


OPTIONS
       The following options are supported:

       -a

           Lists  all  the  profile  names  in the specified repository. If no
           repository is specified, it  follows  whatever  is  configured  for
           prof_attr in nsswitch.conf(5).


       -x

           Lists  only  the  profile names in the user's authenticated profile
           set. By default, only the profiles in  the  user's  unauthenticated
           profiles are listed.


       -f command_file

           Specifies the name of a profiles command file. command_file is a
           text file of profiles subcommands, one per line.


       -l [user]

           Provides information about all rights profiles that are assigned to
           user  and  lists  the commands and their special process attributes
           such as user and group IDs. Without  the  user  argument,  provides
           this information about the user who is running the command.


       -c command

           Provides  the  name  of the Rights Profile and the matching id that
           would be used if the command were executed using a profile shell by
           the  current  user  or  the  specified  user(s).  The corresponding
           process attributes are also provided when -l is specified.  The  -x
           option limits the search to the user's profiles requiring authenti‐
           cation. If no match is found for any of the  specified  users,  the
           exit status is set to 1. Otherwise it is set to 0.


       -p profile

           Specifies the profile name.


       -S repository

           The valid repositories are files and ldap.


           Note -  When updating the ldap repository, both the LDAP server and
                   client must be configured with EnableShadowUpdate=true.

           repository specifies which name service  is  updated.  The  default
           repository is files.


SUB-COMMANDS
       When  invoked  with  the  -p option, subcommands can be provided on the
       command line or interactively. Multiple subcommands, separated by semi‐
       colons can be specified on the command line by enclosing the entire set
       in quotation marks. The lack of subcommands implies an interactive ses‐
       sion,  during  which  auto-completion  of subcommands can be invoked by
       using the TAB key.


       The add and select subcommands can be used to select  a  specific  com‐
       mand, at which point the context changes to that of the command. During
       an interactive session, the command context is identified by  the  com‐
       mand  basename in the prompt string. The end and cancel subcommands are
       used to complete the command specification, at which time  the  context
       is reverted to the profile context.


       Subcommands that can result in destructive actions or loss of work have
       a -F option to force the action. If input is from  a  terminal  device,
       the user is prompted when appropriate. This could occur if a subcommand
       is given without the -F option. Otherwise, the  action  is  disallowed,
       with a diagnostic message written to standard error.


       The  property-value  can  be a simple value, or a list of simple values
       for those properties which accept lists. The following subcommands  are
       supported:

       add cmd=pathname

           In  the  profile context, begins the specification for a given com‐
           mand. The context is changed to the command type.


       add property-name=property-value

           Adds the specified values to the current property values. This sub‐
           command can only be applied to properties that accept lists.


       cancel

           End  the  command specification and reset context to profile. Aban‐
           dons any partially specified resources. cancel is  only  applicable
           in the command context.


       clear property-name

           Clear the value for the property.


       commit

           Commit the current configuration from memory to stable storage. The
           configuration must be committed for the  changes  to  take  effect.
           Until  the  in-memory  configuration  is  committed, you can remove
           changes  with  the  revert  subcommand.  The  commit  operation  is
           attempted  automatically  upon  completion  of  a profiles session.
           Since a configuration must be correct to be committed, this  opera‐
           tion automatically does a verify.


       delete [-F]

           Delete  the  specified profile from memory and stable storage. This
           operation is not permitted if the profile is included as a  subpro‐
           file  of another profile in the same repository. Instead, a list of
           profiles which include this profile is supplied from which the user
           must manually remove this profile prior to deleting it. Specify the
           -F option to force the action. If  the  deletion  is  allowed,  its
           action is instantaneous and the session is terminated.


       end

           End  the  command specification. This subcommand is only applicable
           in the command context. The profiles command verifies that the cur‐
           rent command is completely specified. If so, it is added to the in-
           memory configuration (see commit for saving this to stable storage)
           and  the  context reverts to the profile context. If the specifica‐
           tion is incomplete, it issues an appropriate error message.


       exit [-F]

           Exit the profiles session. A commit is automatically  attempted  if
           needed.  You can also use an EOF character to exit profiles. The -F
           option can be used to force the action.


       export [-f output-file]

           Print configuration to standard output. Use the -f option to  print
           the  configuration to output-file. This option produces output in a
           form suitable for use in a command file option.


       help [usage | subcommands | properties | subcommand | property]

           Print general help or help about specific topic.


       info [property-name]

           Display information about the  current  profile  or  the  specified
           property.


       remove cmd=fullpath

           Removes  the specified command from the profile. This subcommand is
           only valid in the profile context.


       remove [-F] cmd

           Removes all the  commands  from  the  profile.  A  confirmation  is
           required,  unless  you  use  the -F option. This subcommand is only
           valid in the profile context.


       remove property-name=property-value

           Remove the specified values from the property.  This  can  only  be
           applied to properties that accept lists.


       revert [-F]

           Revert  the  configuration back to the last committed state. The -F
           option can be used to force the action.


       select cmd=fullpath

           Select the command which matches the given pathname  criteria,  for
           modification.  This  subcommand  is  applicable only in the profile
           context.


       set property-name=property-value

           Set a given property name to the given value. Some properties  (for
           example,  name  and  desc)  are  only valid in the profile context,
           while others are only valid in the command context. This subcommand
           is applicable in both the profile and command contexts.


       verify

           Verify the current configuration for correctness:

               o      The required properties are specified.


               o      The values are valid for each keyword.


               o      The user is authorized to specify the values.



EXAMPLES
       Example 1 Using the profiles Command



       The output of the profiles command has the following form:


         example% profiles tester01 tester02
         tester01 : Audit Management, All Commands
         tester02 : Device Management, All Commands


       Example 2 Using the list Option


         example% profiles -l tester01 tester02
         tester01 :
             Audit Management:
               /usr/sbin/audit          euid=root
               /usr/sbin/auditconfig    euid=root    egid=sys
             All Commands:
               *
         tester02 :
             Device Management:
               /usr/bin/allocate:       euid=root
               /usr/bin/deallocate:     euid=root
             All Commands
               *

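An added audit script (not part of this man page or of Oracle Solaris) that parses listing output in the format shown in Example 2 from a constructed sample and reports which commands each user can run with changed IDs, calling out wildcard ids separately; the "Unsafe Profile" entry in the sample is constructed to show the case an auditor most wants flagged:

```python
"""Audit `profiles -l user ...` output for ID changes and wildcard ids.
Added example; SAMPLE is constructed in the layout of Example 2."""

SAMPLE = """\
tester01 :
    Audit Management:
      /usr/sbin/audit          euid=root
      /usr/sbin/auditconfig    euid=root    egid=sys
    All Commands:
      *
tester02 :
    Device Management:
      /usr/bin/allocate:       euid=root
      /usr/bin/deallocate:     euid=root
    Unsafe Profile:
      /usr/bin/*               uid=0
    All Commands
      *
"""

ID_KEYS = ("euid", "uid", "egid", "gid")  # process-attribute keys to report


def parse_profiles_l(text):
    """Return {user: [(profile, cmd_id, {attr: value}), ...]}.

    Layout follows the page: a user line at column 0 ending in ':', profile
    lines indented less than 6 (trailing ':' optional), command lines indented
    deeper with the id first (trailing ':' tolerated) then key=value pairs."""
    result, user, profile = {}, None, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        line = raw.strip()
        if indent == 0 and line.endswith(":"):
            user = line[:-1].strip()
            result[user] = []
        elif indent < 6:
            profile = line.rstrip(":")
        elif user is not None:
            fields = line.split()
            attrs = dict(f.split("=", 1) for f in fields[1:] if "=" in f)
            result[user].append((profile, fields[0].rstrip(":"), attrs))
    return result


def findings(parsed):
    """Flag each entry that changes an ID or matches a wildcard id, as
    (user, profile, cmd_id, severity, reason)."""
    out = []
    for user, entries in parsed.items():
        for profile, cmd_id, attrs in entries:
            ids = {k: v for k, v in attrs.items() if k in ID_KEYS}
            wildcard = cmd_id == "*" or cmd_id.endswith("/*")
            detail = ",".join(f"{k}={v}" for k, v in sorted(ids.items()))
            if wildcard and ids:   # every command in scope runs with changed IDs
                out.append((user, profile, cmd_id, "critical",
                            "wildcard command runs with " + detail))
            elif ids:              # one named command runs with changed IDs
                out.append((user, profile, cmd_id, "review", "runs with " + detail))
            elif wildcard:         # any command, but with the caller's own IDs
                out.append((user, profile, cmd_id, "info", "wildcard, no ID change"))
    return out


if __name__ == "__main__":
    for item in findings(parse_profiles_l(SAMPLE)):
        print("%-9s %-18s %-24s %-8s %s" % item)
```

On a real system the listing comes from running profiles -l for the users of interest and feeding its text to parse_profiles_l.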

       Example 3 Creating a New Profile



       The  following  creates  a  new "User Manager" profile in LDAP. The new
       profile description is "Manage users and groups", and the authorization
       assigned  is solaris.user.manage. The supplementary profile assigned is
       "Mail Management".


         example% profiles -p "User Manager" -S ldap
         profiles:User Manager> set desc="Manage users and groups"
         profiles:User Manager> set auths=solaris.user.manage
         profiles:User Manager> set profiles="Mail Management"
         profiles:User Manager> exit


       Example 4 Displaying Information Regarding a Profile



       The following command displays information regarding the "User Manager"
       profile:


         example% profiles -p "User Manager" -S ldap info
         name=User Manager
         desc=Manage users and  groups
         auths=solaris.user.manage
         profiles=Mail Management


       Example 5 Deleting a Profile



       The following command deletes the "User Manager" profile from LDAP:


         example% profiles -p "User Manager" -S ldap delete -F


       Example 6 Modifying a Profile



       The following modifies the "User Manager" profile in LDAP. The new pro‐
       file description is "Manage world", the new authorization assignment is
       solaris.user.*   authorizations,  and  the  new  supplementary  profile
       assignment is All.


         example% profiles -p "User Manager" -S ldap
         profiles:User Manager> set desc="Manage world"
         profiles:User Manager> set auths="solaris.user.*"
         profiles:User Manager> set profiles=All
         profiles:User Manager> exit


       Example 7 Creating an exec_attr Database Entry



       The following command creates a new exec_attr entry for the "User  Man‐
       ager"  profile in LDAP. The /usr/bin/cp entry is added. The command has
       an effective user ID of 0 and an effective group ID of 0.


         example% profiles -p "User Manager" -S ldap
         profiles:User Manager> add cmd=/usr/bin/cp
         profiles:User Manager:cp> set euid=0
         profiles:User Manager:cp> set egid=0
         profiles:User Manager:cp> end
         profiles:User Manager> exit


       Example 8 Deleting an exec_attr Database Entry



       The following example deletes an exec_attr database entry for the "User
       Manager"  profile  from  LDAP.  The  entry  designated  for the command
       /usr/bin/cp is deleted.


         example% profiles -p "User Manager" -S ldap
         profiles:User Manager> remove cmd=/usr/bin/cp
         profiles:User Manager> exit


       Example 9 Modifying an exec_attr Database Entry



       The following modifies the attributes of the exec_attr  database  entry
       for the User Manager profile in LDAP. The /usr/bin/cp entry is modified
       to execute with the real user ID of 0 and the real group ID of 0.


         example% profiles -p "User Manager" -S ldap
         profiles:User Manager> select cmd=/usr/bin/cp
         profiles:User Manager:cp> clear euid
         profiles:User Manager:cp> clear egid
         profiles:User Manager:cp> set uid=0
         profiles:User Manager:cp> set gid=0
         profiles:User Manager:cp> end
         profiles:User Manager> exit


       Example 10 Showing the Attributes Associated With a Command



       The following shows the process attributes that would be applied to the
       command  /usr/sbin/useradd  when  executed by two users, John and Mary,
       using a profile shell.


         example% profiles -lc /usr/sbin/useradd john mary
         john:
         name=User Management
         id=/usr/sbin/useradd
         euid=0

         mary:
         name=All
         id=*


EXIT STATUS
       The following exit values are returned:

       0

           Successful completion


       1

           An error occurred or no profile matching the command is assigned to
           the user(s)


FILES
       /etc/security/exec_attr


       /etc/security/prof_attr


       /etc/user_attr


       /etc/security/policy.conf

ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


          ATTRIBUTE TYPE       ATTRIBUTE VALUE
          Availability         system/core-os


SEE ALSO
       auths(1), pfexec(1), pkg(1), roles(1),  getprofattr(3C),  auth_attr(5),
       exec_attr(5),     nsswitch.conf(5),     pam.conf(5),    policy.conf(5),
       prof_attr(5),     user_attr(5),     attributes(7),      audit_flags(7),
       pam_user_policy(7), privileges(7), rbac(7)


       Working With Oracle Solaris 11.4 Directory and Naming Services: LDAP



Oracle Solaris 11.4               21 Jun 2021                      profiles(1)
The copyright of the man page content belongs to the man page author.