profiles(1) User Commands profiles(1)
NAME
profiles - list and manage rights profiles
SYNOPSIS
profiles [-lx] [-c command] [user ...] [-S repository]
profiles [-la] [-S repository]
profiles -p profile [-S repository] [subcommand]
profiles -p profile [-S repository] -f command_file
profiles help
DESCRIPTION
The profiles utility creates and modifies the configuration of a rights
profile in the prof_attr(5) or exec_attr(5) databases in the local
files name service or LDAP name service. A rights profile configuration
consists of a profile name and a number of properties.
The following synopsis of the profiles subcommand is for interactive
usage:
profiles -p profile [-S repository] [subcommand]
The profiles command prints on standard output the names of the rights
profiles that have been assigned to you or to the optionally-specified
user or role name. Profiles are a bundling mechanism used to enumerate
the commands and authorizations needed to perform a specific function.
Along with each listed executable are the process attributes, such as
the effective user and group IDs, with which the process runs when
started by a privileged command interpreter. See the pfexec(1) man
page. Profiles can contain other profiles defined in prof_attr(5).
Multiple profiles can be combined to construct the appropriate access
control. When profiles are assigned, the authorizations are added to
the existing set. If the same command appears in multiple profiles, the
first occurrence, as determined by the ordering of the profiles, is used
for process-attribute settings. For convenience, a wildcard can be
specified to match all commands.
The special profile "Stop" shortcuts the evaluation of further profiles.
Profiles seen after the "Stop" profile are not evaluated nor are they used
to find additional commands. This profile can be used to sidestep profiles
listed in /etc/security/policy.conf with the PROF_GRANTED key and the
authorizations listed with AUTH_GRANTED in that file.
When profiles are interpreted, the profile list is loaded from
user_attr(5). For each user, there are two sets of profiles, an
authenticated set and an unauthenticated set. The user is required to
reauthenticate prior to executing commands matching an entry in the
authenticated profiles set. See pfexec(1). If any default profiles are
defined in /etc/security/policy.conf (see policy.conf(5)), the list of
default profiles is added to the list loaded from user_attr(5). Matching
entries in prof_attr(5) provide the authorizations list, and matching
entries in exec_attr(5) provide the commands list.
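The evaluation just described (the ordered profile list from user_attr(5), default profiles from policy.conf, sub-profile expansion, the "Stop" profile, first-occurrence command matching with the * and directory wildcards, and the union of authorizations) as an added Python model. This is not code from this man page or from Oracle Solaris: it parses constructed sample databases written in the field layouts of prof_attr(5), exec_attr(5) and user_attr(5). Two points are assumptions rather than statements of the page: sub-profiles are expanded depth-first at the point where they are listed, and the policy.conf keys are spelled PROF_GRANTED and AUTH_GRANTED exactly as this page spells them. The lookup_command function reports the same profile/id pair that the -c option (Example 10) prints.

```python
"""Model of rights-profile evaluation as profiles(1) describes it (added
example, not Solaris code). Assumed: sub-profiles expand depth-first where
listed; policy.conf keys are PROF_GRANTED/AUTH_GRANTED as on this page."""
from posixpath import dirname

# Constructed sample databases in the man-page field layouts:
#   prof_attr  name:res1:res2:desc:attr      exec_attr  name:policy:type:res1:res2:id:attr
#   user_attr  user:qualifier:res1:res2:attr
PROF_ATTR = """\
Audit Management:::Manage audit:auths=solaris.audit.*;profiles=Audit Review
Audit Review:::Review audit trail:auths=solaris.audit.read
All Commands:::Execute any command:
Basic Solaris User:::Default site profile:auths=solaris.mail.mailq
"""
EXEC_ATTR = """\
Audit Management:solaris:cmd:::/usr/sbin/audit:euid=0
Audit Management:solaris:cmd:::/usr/sbin/auditconfig:euid=0;egid=3
Audit Review:solaris:cmd:::/usr/sbin/auditreduce:euid=0
All Commands:solaris:cmd:::*:
Basic Solaris User:solaris:cmd:::/usr/bin/*:privs=basic
"""
USER_ATTR = """\
tester01::::profiles=Audit Management,All Commands
tester02::::profiles=Audit Review,Stop,All Commands;auths=solaris.device.allocate
"""
POLICY_CONF = """\
# constructed policy.conf(5) fragment
PROF_GRANTED=Basic Solaris User
AUTH_GRANTED=solaris.device.cdrw
"""

def parse_attrs(field):
    """'k=v;k2=v2' -> dict; list-valued keys keep their comma-separated string."""
    return dict(kv.partition("=")[::2] for kv in field.split(";") if kv)

def parse_db(text, nfields):
    """Colon-separated database lines -> list of field lists, file order kept."""
    return [line.split(":", nfields - 1) for line in text.splitlines()
            if line and not line.startswith("#")]

def load():
    """Parse the four constructed databases."""
    profs = {f[0]: parse_attrs(f[4]) for f in parse_db(PROF_ATTR, 5)}
    execs = {}                                  # profile -> [(id, attrs)]
    for f in parse_db(EXEC_ATTR, 7):
        execs.setdefault(f[0], []).append((f[5], parse_attrs(f[6])))
    users = {f[0]: parse_attrs(f[4]) for f in parse_db(USER_ATTR, 5)}
    policy = dict(line.partition("=")[::2] for line in POLICY_CONF.splitlines()
                  if line and not line.startswith("#"))
    return profs, execs, users, policy

def listed(attrs, key):
    """Comma-separated list property -> list (empty if absent)."""
    return [v for v in attrs.get(key, "").split(",") if v]

def ordered_profiles(user, profs, users, policy):
    """Profiles in evaluation order, plus whether "Stop" cut the list short."""
    top = listed(users.get(user, {}), "profiles") + listed(policy, "PROF_GRANTED")
    order, seen, stopped = [], set(), False
    def walk(name):
        nonlocal stopped
        if stopped or name in seen:
            return
        seen.add(name)
        if name == "Stop":          # later profiles are neither evaluated nor searched
            stopped = True
            return
        order.append(name)
        for sub in listed(profs.get(name, {}), "profiles"):
            walk(sub)               # assumption: depth-first at the point of listing
    for name in top:
        walk(name)
    return order, stopped

def effective_auths(user, profs, users, policy):
    """User's own auths + auths of evaluated profiles + AUTH_GRANTED unless stopped."""
    order, stopped = ordered_profiles(user, profs, users, policy)
    auths = set(listed(users.get(user, {}), "auths"))
    for name in order:
        auths.update(listed(profs.get(name, {}), "auths"))
    if not stopped:
        auths.update(listed(policy, "AUTH_GRANTED"))
    return sorted(auths)

def id_matches(cmd_id, path):
    """exec_attr id matches an exact path, every command (*), or dir/* for one directory."""
    return cmd_id in ("*", path) or (cmd_id.endswith("/*") and dirname(path) == cmd_id[:-2])

def lookup_command(user, path, profs, execs, users, policy):
    """First matching (profile, id, attrs) in profile order, as -c reports it, or None."""
    order, _ = ordered_profiles(user, profs, users, policy)
    for name in order:
        for cmd_id, attrs in execs.get(name, []):
            if id_matches(cmd_id, path):
                return name, cmd_id, attrs
    return None
```

With these constructed databases, tester01 resolves /usr/bin/ls through "All Commands" (the * entry) because that profile is listed before the PROF_GRANTED default, whereas a user with no user_attr entry gets the /usr/bin/* entry of "Basic Solaris User"; tester02 lists "Stop" after "Audit Review", so neither "All Commands" nor the AUTH_GRANTED authorization reaches that user.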
Properties
When invoked with the -p option, the properties of the specified profile,
as well as the properties of its associated executable files, can be
managed. However, to maintain system integrity, those profiles that are
maintained by Oracle Solaris cannot be modified by this command. Such
profiles can only be modified via the pkg command during a system update.
Optionally, other profiles can also be delivered by the pkg command as
not modifiable.
To prevent privilege escalation, the property values are restricted
based on the user's authorizations. At a minimum, an administrator needs
to be granted the Rights Management profile. Additionally, to modify
security-related properties controlled by delegate authorizations, an
administrator must be granted the Rights Delegation profile. See
exec_attr(5), prof_attr(5), and the following summary for details.
Property values can be simple strings, or comma-separated lists of
simple strings. Simple strings containing white space must be double
quoted.
The profiles command operates in both profile and command contexts. The
profile context is the initial state, in which the various profile
properties can be managed. The following table summarizes the properties
in the profile context:
Property Name   Value Type           Required Authorizations
name            simple               none
annotation      simple               solaris.account.setpolicy
auths           list of simple       solaris.auth.{assign/delegate}
profiles        list of simple       solaris.profile.{assign/delegate}
privs           list of simple       solaris.privilege.{assign/delegate}
limitpriv       list of simple       solaris.privilege.{assign/delegate}
defaultpriv     list of simple       solaris.privilege.{assign/delegate}
always_audit    list of simple       solaris.audit.assign
never_audit     list of simple       solaris.audit.assign
access_times    list of simple       solaris.account.setpolicy
desc            simple               none
help            simple               none
pam_policy      simple               solaris.account.setpolicy
cmd             simple/new context   none
The command context is entered by specifying the cmd property. While in
the command context, the properties of the current command can be
managed.
The following table summarizes the properties in the command context:
Property Name   Value Type        Required Authorizations
id              simple            none
privs           list of simple    solaris.privilege.{assign/delegate}
limitprivs      list of simple    solaris.privilege.{assign/delegate}
euid            simple            solaris.profile.cmd.setuid
uid             simple            solaris.profile.cmd.setuid
egid            simple            solaris.group.{assign/delegate}
gid             simple            solaris.group.{assign/delegate}
clearance       simple            solaris.label.delegate
The values that can be specified for the profile context properties are
described in the following list. An equal sign (=) is required between
the property name and its value.
always_audit
The audit flags specifying event classes to always audit. Only the
first occurrence of this property, either in the user's
user_attr(5) entry, or in the ordered list of assigned profiles is
applied at login and su.
annotation
Specifies whether a user is prompted for an audit record annotation
description. yes requires the user to provide an annotation
description when prompted. optional allows the user to specify an
annotation description when prompted. no will not prompt the user
for an annotation description, and is the default choice.
An audit record annotation description is a text line terminated by
a newline returned by the application's PAM conversation function.
The annotation text is included in each audit record generated by
the user.
auths
One or more comma-separated authorizations to be added to the new
profile. If the wildcard character (*) is used in an authorization
name, the name must be enclosed in double quotes (").
cmd
The fully qualified path to an executable file or the asterisk (*)
symbol, which is used to specify all commands. An asterisk that
replaces the filename component in a pathname indicates all files
in a particular directory.
This is a special property that is used to enter the command context
to manage the security properties of a command.
Either numeric IDs or names can be used for these IDs.
id
This property is initially set to the value that was specified
by the previous cmd property, but can be modified. When used in
conjunction with the select subcommand, the properties of an
existing command can be cloned for subsequent editing.
pam_policy
The PAM policy to apply to a user. pam_policy must be either an
absolute pathname to a pam.conf(5)-formatted file or the name of a
pam.conf(5)-formatted file located in /etc/security/pam_policy. See
pam_user_policy(7) for more information.
access_times
One or more comma-separated rules that specify the days and
times that the corresponding set of applications and services
can be accessed.
When checking the times for a specific service name, the evaluation
begins with the rules specified through the access_times in the
user's user_attr(5) database, and then follows the access_times in the
user's profiles and subprofiles until a matching service name or a
wildcard entry is found. If no match is found, the user is exempt from
time restrictions for that service. See user_attr(5) for more
information.
privs
The set of privileges to be applied to the inheritable set of
the executable process. The default is basic.
limitprivs
The set of privileges to be applied to the limit set of the
executable process. The default is all.
euid
The effective user ID of the process that executes with the
command.
uid
The real user ID of the process that executes with the command.
egid
The effective group ID of the process that executes with the
command.
gid
The real group ID of the process that executes with the command.
clearance
The clearance of the process that executes with the command.
defaultpriv
The default set of privileges assigned to a user's set of processes.
Only the first occurrence of this property, either in the user's
user_attr(5) entry, or in the ordered list of assigned profiles is
applied at login and su.
desc
The description of the new profile. The text must be enclosed in
quotation marks.
help
The help file name for the new profile. The help file is copied to
the /usr/lib/help/profiles/locale/locale directory, where locale is
the value of the user's locale, or C if none is specified. Specifying
this property is only applicable in the files repository.
limitpriv
The maximum set of privileges a user or any process started by the
user, whether through su(8) or any other means, can obtain. Only
the first occurrence of this property, either in the user's
user_attr(5) entry, or in the ordered list of assigned profiles is
applied at login and su.
name
The name of the profile. The initial value for the name is specified
using the -p option on the command line. If the name is changed, the
current profile properties are applied to the newly named profile. In
this way an existing profile can be cloned for subsequent editing. The
name must not match an existing profile.
never_audit
The audit flags specifying event classes to never audit. Only the
first occurrence of this property, either in the user's
user_attr(5) entry, or in the ordered list of assigned profiles is
applied at login and su.
privs
The set of privileges that can be specified using the -P option of
the pfexec(1) command.
profiles
One or more comma-separated supplementary profiles to be added to
the new profile.
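The access_times evaluation order described under the access_times property above (the user's user_attr(5) entry first, then the assigned profiles and subprofiles in order, first rule naming the service or a wildcard decides, no match means exempt) as an added Python example. This is not code from this man page or from Solaris. The rule sources are a constructed list already placed in evaluation order, and the rule syntax used here, "svc,svc:Mon-Fri,Sun:HHMM-HHMM", is a constructed simplification rather than the user_attr(5) grammar; find_rule and access_allowed are names chosen for this example.

```python
"""Model of the access_times evaluation order that profiles(1) describes for
the access_times property (added example, not Solaris code). Sources are
consulted in order: user_attr(5) entry, then profiles and sub-profiles; the
first rule naming the service (or "*") decides, and no match means exempt.
Rule syntax "svc,svc:days:HHMM-HHMM" is a constructed simplification."""
from datetime import datetime

DAYS = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")

# Constructed: rule sources for one user, already in evaluation order
# (user_attr first, then profiles/sub-profiles as profiles(1) orders them).
SOURCES = [
    ("user_attr:tester01", ["sshd:Mon-Fri:0800-1800"]),
    ("profile:Audit Management", ["login,telnet:Mon-Sun:0600-2200"]),
    ("profile:Operator", ["sshd:Sat,Sun:0000-2400"]),   # shadowed for sshd
]

def parse_rule(rule):
    """'svc,svc:Mon-Fri,Sun:HHMM-HHMM' -> (services, allowed days, (start, end))."""
    svc, days, window = rule.split(":")
    allowed = set()
    for part in days.split(","):
        first, _, last = part.partition("-")
        i = DAYS.index(first)
        j = DAYS.index(last) if last else i
        allowed.update(DAYS[i:j + 1])
    start, end = (int(t) for t in window.split("-"))
    return set(svc.split(",")), allowed, (start, end)

def find_rule(service, sources):
    """First rule in source order that names the service or '*', else None."""
    for origin, rules in sources:
        for rule in rules:
            services, days, window = parse_rule(rule)
            if service in services or "*" in services:
                return origin, days, window
    return None

def access_allowed(service, sources, when_iso):
    """True if the deciding rule admits the ISO-8601 time, or if no rule matches."""
    hit = find_rule(service, sources)
    if hit is None:
        return True                         # exempt from time restrictions
    _origin, days, (start, end) = hit
    when = datetime.fromisoformat(when_iso)
    hhmm = when.hour * 100 + when.minute
    return DAYS[when.weekday()] in days and start <= hhmm < end

if __name__ == "__main__":
    for svc, when in (("sshd", "2024-01-09T10:00"), ("sshd", "2024-01-13T10:00"),
                      ("login", "2024-01-13T21:00"), ("ftp", "2024-01-13T23:00")):
        hit = find_rule(svc, SOURCES)
        print(svc, when, "->", access_allowed(svc, SOURCES, when),
              "decided by", hit[0] if hit else "no rule (exempt)")
```

The point worth noticing is that the weekend sshd rule in the "Operator" profile never applies: the user_attr entry names sshd first, so a Saturday sshd request is refused, while ftp, named by no rule at all, is exempt.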
OPTIONS
The following options are supported:
-a
Lists all the profile names in the specified repository. If no
repository is specified, it follows whatever is configured for
prof_attr in nsswitch.conf(5).
-x
Lists only the profile names in the user's authenticated profile
set. By default, only the profiles in the user's unauthenticated
profiles are listed.
-f command_file
Specifies the name of profiles command file. command_file is a text
file of profiles subcommands, one per line.
-l [user]
Provides information about all rights profiles that are assigned to
user and lists the commands and their special process attributes
such as user and group IDs. Without the user argument, provides
this information about the user who is running the command.
-c command
Provides the name of the Rights Profile and the matching id that
would be used if the command were executed using a profile shell by
the current user or the specified user(s). The corresponding process
attributes are also provided when -l is specified. The -x option
limits the search to the user's profiles requiring authentication. If
no match is found for any of the specified users, the exit status is
set to 1. Otherwise it is set to 0.
-p profile
Specifies the profile name.
-S repository
The valid repositories are files and ldap.
Note -
When updating the ldap repository, both the LDAP server and
client must be configured with EnableShadowUpdate=true.
repository specifies which name service is updated. The default
repository is files.
SUB-COMMANDS
When invoked with the -p option, subcommands can be provided on the
command line or interactively. Multiple subcommands, separated by
semicolons, can be specified on the command line by enclosing the entire
set in quotation marks. The lack of subcommands implies an interactive
session, during which auto-completion of subcommands can be invoked by
using the TAB key.
The add and select subcommands can be used to select a specific command,
at which point the context changes to that of the command. During an
interactive session, the command context is identified by the command
basename in the prompt string. The end and cancel subcommands are used
to complete the command specification, at which time the context is
reverted to the profile context.
Subcommands that can result in destructive actions or loss of work have
a -F option to force the action. If input is from a terminal device, the
user is prompted when appropriate. This could occur if a subcommand is
given without the -F option. Otherwise, the action is disallowed, with a
diagnostic message written to standard error.
The property-value can be a simple value, or a list of simple values
for those properties which accept lists. The following subcommands are
supported:
add cmd=pathname
In the profile context, begins the specification for a given command.
The context is changed to the command type.
add property-name=property-value
Adds the specified values to the current property values. This sub‐
command can only be applied to properties that accept lists.
cancel
End the command specification and reset context to profile. Abandons
any partially specified resources. cancel is only applicable in the
command context.
clear property-name
Clear the value for the property.
commit
Commit the current configuration from memory to stable storage. The
configuration must be committed for the changes to take effect. Until
the in-memory configuration is committed, you can remove changes with
the revert subcommand. The commit operation is attempted automatically
upon completion of a profiles session. Since a configuration must be
correct to be committed, this operation automatically does a verify.
delete [-F]
Delete the specified profile from memory and stable storage. This
operation is not permitted if the profile is included as a subprofile
of another profile in the same repository. Instead, a list of profiles
which include this profile is supplied from which the user must
manually remove this profile prior to deleting it. Specify the -F
option to force the action. If the deletion is allowed, its action is
instantaneous and the session is terminated.
end
End the command specification. This subcommand is only applicable in
the command context. The profiles command verifies that the current
command is completely specified. If so, it is added to the in-memory
configuration (see commit for saving this to stable storage) and the
context reverts to the profile context. If the specification is
incomplete, it issues an appropriate error message.
exit [-F]
Exit the profiles session. A commit is automatically attempted if
needed. You can also use an EOF character to exit profiles. The -F
option can be used to force the action.
export [-f output-file]
Print configuration to standard output. Use the -f option to print
the configuration to output-file. This option produces output in a
form suitable for use as a command file (see the -f option).
help [usage | subcommands | properties | subcommand | property]
Print general help or help about specific topic.
info [property-name]
Display information about the current profile or the specified
property.
remove cmd=fullpath
Removes the specified command from the profile. This subcommand is
only valid in the profile context.
remove [-F] cmd
Removes all the commands from the profile. A confirmation is
required, unless you use the -F option. This subcommand is only
valid in the profile context.
remove property-name=property-value
Remove the specified values from the property. This can only be
applied to properties that accept lists.
revert [-F]
Revert the configuration back to the last committed state. The -F
option can be used to force the action.
select cmd=fullpath
Select the command which matches the given pathname criteria, for
modification. This subcommand is applicable only in the profile
context.
set property-name=property-value
Set a given property name to the given value. Some properties (for
example, name and desc) are only valid in the profile context,
while others are only valid in the command context. This subcommand
is applicable in both the profile and command contexts.
verify
Verify the current configuration for correctness:
o The required properties are specified.
o The values are valid for each keyword.
o The user is authorized to specify the values.
EXAMPLES
Example 1 Using the profiles Command
The output of the profiles command has the following form:
example% profiles tester01 tester02
tester01 : Audit Management, All Commands
tester02 : Device Management, All Commands
Example 2 Using the list Option
example% profiles -l tester01 tester02
tester01 :
Audit Management:
/usr/sbin/audit euid=root
/usr/sbin/auditconfig euid=root egid=sys
All Commands:
*
tester02 :
Device Management:
/usr/bin/allocate: euid=root
/usr/bin/deallocate: euid=root
All Commands
*
Example 3 Creating a New Profile
The following creates a new "User Manager" profile in LDAP. The new
profile description is "Manage users and groups", and the authorization
assigned is solaris.user.manage. The supplementary profile assigned is
"Mail Management".
example% profiles -p "User Manager" -S ldap
profiles:User Manager> set desc="Manage users and groups"
profiles:User Manager> set auths=solaris.user.manage
profiles:User Manager> set profiles="Mail Management"
profiles:User Manager> exit
Example 4 Displaying Information Regarding a Profile
The following command displays information regarding the "User Manager"
profile:
example% profiles -p "User Manager" -S ldap info
name=User Manager
desc=Manage users and groups
auths=solaris.user.manage
profiles=Mail Management
Example 5 Deleting a Profile
The following command deletes the "User Manager" profile from LDAP:
example% profiles -p "User Manager" -S ldap delete -F
Example 6 Modifying a Profile
The following modifies the "User Manager" profile in LDAP. The new
profile description is "Manage world", the new authorization assignment
is solaris.user.* authorizations, and the new supplementary profile
assignment is All.
example% profiles -p "User Manager" -S ldap
profiles:User Manager> set desc="Manage world"
profiles:User Manager> set auths="solaris.user.*"
profiles:User Manager> set profiles=All
profiles:User Manager> exit
Example 7 Creating an exec_attr Database Entry
The following command creates a new exec_attr entry for the "User
Manager" profile in LDAP. The /usr/bin/cp entry is added. The command
has an effective user ID of 0 and an effective group ID of 0.
example% profiles -p "User Manager" -S ldap
profiles:User Manager> add cmd=/usr/bin/cp
profiles:User Manager:cp> set euid=0
profiles:User Manager:cp> set egid=0
profiles:User Manager:cp> end
profiles:User Manager> exit
Example 8 Deleting an exec_attr Database Entry
The following example deletes an exec_attr database entry for the "User
Manager" profile from LDAP. The entry designated for the command
/usr/bin/cp is deleted.
example% profiles -p "User Manager" -S ldap
profiles:User Manager> remove cmd=/usr/bin/cp
profiles:User Manager> exit
Example 9 Modifying an exec_attr Database Entry
The following modifies the attributes of the exec_attr database entry
for the User Manager profile in LDAP. The /usr/bin/cp entry is modified
to execute with the real user ID of 0 and the real group ID of 0.
example% profiles -p "User Manager" -S ldap
profiles:User Manager> select cmd=/usr/bin/cp
profiles:User Manager:cp> clear euid
profiles:User Manager:cp> clear egid
profiles:User Manager:cp> set uid=0
profiles:User Manager:cp> set gid=0
profiles:User Manager:cp> end
profiles:User Manager> exit
Example 10 Showing the Attributes Associated With a Command
The following shows the process attributes that would be applied to the
command /usr/sbin/useradd when executed by two users, John and Mary,
using a profile shell.
example% profiles -lc /usr/sbin/useradd john mary
john:
name=User Management
id=/usr/sbin/useradd
euid=0
mary:
name=All
id=*
EXIT STATUS
The following exit values are returned:
0
Successful completion
1
An error occurred or no profile matching the command is assigned to
the user(s)
FILES
/etc/security/exec_attr
/etc/security/prof_attr
/etc/user_attr
/etc/security/policy.conf
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
ATTRIBUTE TYPE     ATTRIBUTE VALUE
Availability       system/core-os
SEE ALSO
auths(1), pfexec(1), pkg(1), roles(1), getprofattr(3C), auth_attr(5),
exec_attr(5), nsswitch.conf(5), pam.conf(5), policy.conf(5),
prof_attr(5), user_attr(5), attributes(7), audit_flags(7),
pam_user_policy(7), privileges(7), rbac(7)
Working With Oracle Solaris 11.4 Directory and Naming Services: LDAP
Oracle Solaris 11.4 21 Jun 2021 profiles(1)