exec_attr(5) 맨 페이지 - 윈디하나의 솔라나라

개요

섹션
맨 페이지 이름
검색(S)

exec_attr(5)

exec_attr(5)                     File Formats                     exec_attr(5)



NAME
       exec_attr - execution profiles database

SYNOPSIS
       /etc/security/exec_attr
       /etc/security/exec_attr.d/package

DESCRIPTION
       /etc/security/exec_attr  is  a local database that specifies the execu‐
       tion attributes associated with profiles. The  exec_attr  file  can  be
       used with other sources for execution profiles, including the exec_attr
       NIS map. Programs use  the  getexecattr(3C)  routines  to  access  this
       information.


       /etc/security/exec_attr  entries  are  locally  managed  by  the system
       administrator. The /etc/security/exec_attr.d directory  contains  addi‐
       tional  entries installed by packages which should not be locally modi‐
       fied. If an  entry  appears  in  multiple  files  in  these  locations,
       /etc/security/exec_attr  takes precedence. The getent(8) command may be
       used to verify the active entries in this database.


       The search order for multiple execution profile sources is specified in
       the  nsswitch.conf(5)  man page. The search order follows the entry for
       prof_attr(5).


       A profile is a logical grouping of authorizations and commands that  is
       interpreted  by a profile shell to form a secure execution environment.
       The shells that interpret profiles are described  in  the  pfsh(1)  man
       page.  Each  user's  account  is  assigned zero or more profiles in the
       user_attr(5) database.


       Each entry in the exec_attr database consists of one line of text  con‐
       taining  seven fields separated by colons (:). Line continuations using
       the backslash (\) character are permitted. The  basic  format  of  each
       entry is:


       name:policy:type:res1:res2:id:attr

       name      The name of the profile. Profile names are case-sensitive.


       policy    The  security  policy  that  is  associated  with the profile
                 entry. The valid policy type is solaris. The  solaris  policy
                 recognizes privileges. See privileges(7).


       type      The  type of object defined in the profile. The valid type is
                 cmd. The cmd type specifies that the ID field  is  a  command
                 that would be executed by a shell.


       res1      The  characters RO in this field indicate it is read only and
                 not modifiable by the tools that update this database.


       res2      Reserved for future use.


       id        A string that uniquely identifies the object described by the
                 profile. For a profile of type cmd, the id is either the full
                 path to the command or the asterisk (*) symbol, which is used
                 to allow all commands. An asterisk that replaces the filename
                 component in a pathname indicates all files in  a  particular
                 directory.

                 To  specify  arguments,  the pathname should point to a shell
                 script that is  written  to  execute  the  command  with  the
                 desired  argument.  In  a  Bourne shell, the effective UID is
                 reset to the real UID of the process when the  effective  UID
                 is  less than 100 and not equal to the real UID. Depending on
                 the euid and egid values, Bourne shell limitations might make
                 other  shells  preferable. To prevent the effective UIDs from
                 being reset to real UIDs, you can start the script  with  the
                 -p option.

                   #!/usr/sunos/bin/sh -p



       attr      An  optional  list of semicolon-separated (;) key-value pairs
                 that describe the security attributes to apply to the  object
                 upon  execution. Zero or more keys can be specified. The list
                 of valid key words depends on the policy enforced.  The  fol‐
                 lowing key words are valid: euid, uid, egid, gid, privs, lim‐
                 itprivs, and clearance.

                 euid and uid contain a single user name or a numeric user ID.
                 Commands  designated  with  euid  run  with the effective UID
                 indicated, which is similar to setting the setuid bit  on  an
                 executable  file.  Commands designated with uid run with both
                 the real and effective UIDs. Setting uid might be more appro‐
                 priate than setting the euid on privileged shell scripts.

                 egid  and  gid contain a single group name or a numeric group
                 ID. Commands designated with egid run with the effective  GID
                 indicated,  which  is  similar to setting the setgid bit on a
                 file. Commands designated with gid run with both the real and
                 effective  GIDs.  Setting  gid might be more appropriate than
                 setting guid on privileged shell scripts.

                 privs contains a privilege set which are added to the inheri‐
                 table set prior to running the command.

                 privs  contains a privilege set which is added to the inheri‐
                 table set prior to running the command. Privileges  including
                 those  in basic set are preceded by a dash (-) or an exclama‐
                 tion mark (!), may be removed from the inheritable set.

                 limitprivs contains a privilege set which are assigned to the
                 limit set prior to running the command.

                 privs and limitprivs are only valid for the solaris policy.

                 clearance  contains  a  process  label specification in human
                 readable or internal textual formats. See labels(7). When you
                 apply this attribute to the associated command, the execution
                 fails with EACCES. This happens if this clearance is not dom‐
                 inated  by  the clearance explicitly specified in the real or
                 effective user's user_attr(5) entry,  or  implicitly  by  the
                 default clearance specified through labelcfg(8).

                 clearance is ignored when Trusted Extensions is enabled.


EXAMPLES
       Example 1 Using Privileges



       The  following  example  shows the audit command specified in the Audit
       Control profile to execute with the proc_owner privilege:


         Audit Control:solaris:cmd:::/usr/sbin/audit:privs=proc_owner


FILES
       /etc/security/exec_attr

           Locally added entries.


       /etc/security/exec_attr.d/*

           Entries added by package installation.


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE  TYPEAT‐
       TRIBUTE VALUE _ AvailabilitySee below.  _ Interface StabilitySee below.


   Availability
       /etc/security/exec_attr is delivered in the system/core-os package.


       /etc/security/exec_attr.d/  files  are  delivered  in the packages that
       provide the software they are associated with.

   Interface Stability
       The format is Committed. The contents have no stability attributes.

NOTES
       Because the list of legal keys is  likely  to  expand,  any  code  that
       parses  this database must be written to ignore unknown key-value pairs
       without error. When any new keywords are created, the names  should  be
       prefixed  with  a unique string, such as the company's stock symbol, to
       avoid potential naming conflicts.


       The following characters are used in describing the database format and
       must  be escaped with a backslash if used as data: colon (:), semicolon
       (;), equals (=), and backslash (\).


       The authorizations required to set various fields are:

         name       profile name            solaris.profile.cmd.manage
         policy     security policy         solaris.profile.cmd.manage
         type       type of object defined  solaris.profile.cmd.manage
                      in the profile
         id full path of command            solaris.profile.cmd.manage



       The authorizations required to set attr security attributes of the com‐
       mand are:

         euid        euid of the command      solaris.profile.cmd.setuid
                     process
         uid         uid of the command       solaris.profile.cmd.setuid
                     process
         egid        egid of the command      solaris.group.assign/delegate
                     process
         gid         gid of the command       solaris.group.assign/delegate
                     process
         privs       privileges added to
                     the inheritable set of   solaris.privilege.assign/delegate
                     privileges for the
                     command. An Extended
                     Policy can be specified
                     here. See privileges(7).
         limitprivs  privileges assigned to
                     the limit set of         solaris.privilege.assign/delegate
                     privileges for the
                     command
         clearance   clearance of the command
                     process                  solaris.label.delegate



       The  value  of  limitprivs  that can be set by an authorized user for a
       given command are limited to the limitprivs privileges that are granted
       to the user.


       The  value  of  the  privs  that can be set by an authorized user for a
       given command are limited to the defaultprivs privileges granted to the
       user.


       The  solaris.privilege.assign  authorization allows the authorized user
       to grant any privilege to  a  command.  The  solaris.privilege.delegate
       allows  the  authorized user to grant privileges from the user's privi‐
       lege sets. See group(5) for more  information  on  solaris.group.assign
       and solaris.group.delegate.


       The  solaris.label.delegate authorization allows the authorized user to
       specify a clearance value that  is  dominated  by  the  user's  current
       clearance.


       When  normal  user  processes are executed at the user's maximum clear‐
       ance, this attribute can only be used  to  lower  a  command's  process
       label.  The  clearance  attribute  is  more  useful in a role's profile
       because the current user's process label is maintained when assuming  a
       role  with a higher clearance. In this case the clearance attribute can
       be used to raise the command's process label up to the  role's  maximum
       clearance.

SEE ALSO
       auths(1),   profiles(1),   roles(1),   sh(1s),   kva_match(3C),  getau‐
       thattr(3C),    getexecattr(3C),    getprofattr(3C),    getuserattr(3C),
       auth_attr(5),   group(5),  prof_attr(5),  user_attr(5),  attributes(7),
       privileges(7), rbac(7)

HISTORY
       Support  for  /etc/security/exec_attr.d/  files  was  added  in  Oracle
       Solaris 11.0.0.


       /etc/security/exec_attr was added in Solaris 8.



Oracle Solaris 11.4               21 Jun 2021                     exec_attr(5)
맨 페이지 내용의 저작권은 맨 페이지 작성자에게 있습니다.
RSS ATOM XHTML 5 CSS3