smf_security(7) man page - WindyHana's Solanara

smf_security(7)

Standards, Environments, Macros, Character Sets, and miscellany
                                                               smf_security(7)



NAME
       smf_security - service management facility security behavior

DESCRIPTION
       The  configuration  subsystem  for  the  service  management  facility,
       smf(7), requires privilege to modify the configuration  of  a  service.
       Privileges are granted to a user by associating the rbac(7)
       authorizations and profiles described below with the user through the
       usermod command. For more information, see the usermod(8) man page.


       The  following authorization is used to manipulate services and service
       instances.

       solaris.smf.modify    Authorized to add, delete,  or  modify  services,
                             service  instances,  or  their properties, and to
                             read protected property values.


   Property Group Authorizations
       The smf(7) configuration subsystem associates properties with each ser‐
       vice  and  service instance. Related properties are grouped. Groups can
       represent an  execution  method,  credential  information,  application
       data,  or  restarter  state.  The  ability to create or modify property
       groups can cause smf(7) components to perform actions that can  require
       operating  system privilege. Accordingly, the framework requires appro‐
       priate authorization to manipulate property groups.


       Each property group has a type corresponding to its purpose.  The  core
       property group types are method, dependency, framework, and application
       (where application is the recommended type for property groups contain‐
       ing application data). The following basic authorizations apply only to
       the core property group types:

       solaris.smf.modify.method

           Authorized to change values or create, delete, or modify a property
           group of type method.


       solaris.smf.modify.dependency

           Authorized to change values or create, delete, or modify a property
           group of type dependency.


       solaris.smf.modify.application

           Authorized to change values, read  protected  values,  and  create,
           delete, or modify a property group of type application.


       solaris.smf.modify.framework

           Authorized to change values or create, delete, or modify a property
           group of type framework.


       solaris.smf.modify

           Authorized to add, delete, or modify services,  service  instances,
           or their properties, and to read protected property values.



       Property  group-specific  authorization  can be specified by properties
       contained in the property group.

       modify_authorization

           Authorizations allow the addition,  deletion,  or  modification  of
           properties within the property group, and the retrieval of property
           values from the property group if protected.


       value_authorization

           Authorization to modify the configuration of a  particular  service
           is  conventionally  granted  using  the solaris.smf.value.<service>
           authorization.


       read_authorization

           Authorization to read protected property groups is conventionally
           granted using the same authorization that is used to grant write
           access, so that only those users authorized to write protected
           configuration values are allowed to read them.



       The  above  authorization  properties  are  only used if they have type
       astring. If an instance property group does not have one of the proper‐
       ties,  but the instance's service has a property group of the same name
       with the property, its values are used.

   Protected Property Groups
       Normally, all property values in the repository can be read by any user
       without  explicit authorization. Property groups of non-framework types
       can be used to store properties with values  that  require  protection.
       They  must not be revealed except upon proper authorization. A property
       group's status as protected is indicated by the presence of a
       string-valued read_authorization property. If this property is present,
       the values of all properties in the property group are retrievable only
       as described in Property Group Authorizations.


       Administrative  domains with policies that prohibit backup of data con‐
       sidered sensitive should exclude  the  SMF  repository  databases  from
       their  backups.  In  the  face of such a policy, non-protected property
       values can be backed up by using the svccfg(8) archive command to  cre‐
       ate an archive of the repository without protected property values.

   Service Action Authorization
       Certain actions on service instances can result in service interruption
       or deactivation. These actions require an authorization to ensure  that
       any  denial  of  service  is  a  deliberate administrative action. Such
       actions include a request for execution of the refresh or restart meth‐
       ods,  or  placement  of  a service instance in the maintenance or other
       non-operational state. The following authorization allows such  actions
       to be requested:

       solaris.smf.manage    Authorization to enable, disable, restart,
                             refresh, or administer a particular service is
                             conventionally granted using the
                             solaris.smf.manage.<service> authorization.



       In addition,  the  general/action_authorization  property  can  specify
       additional  authorizations  that permit service actions to be requested
       for that service  instance.  The  solaris.smf.manage  authorization  is
       required to modify this property.

   Defined Rights Profiles
       Two rights profiles are included that offer grouped authorizations for
       performing typical smf(7) operations.

       Service Management

           A service manager can manipulate any service in the  repository  in
           any   way.   It   corresponds   to   the   solaris.smf.manage   and
           solaris.smf.modify authorizations.

           The Service Management profile is the minimum required to use the
           pkg command to add or remove software packages that contain an
           inventory of services in their service manifest.


       Service Operator

           A service operator has the ability to enable or disable any service
           instance on the system, as well as request that its restart or
           refresh method be executed. It corresponds to the solaris.smf.manage
           and solaris.smf.modify.framework authorizations.

           Sites  can  define  additional  rights profiles customized to their
           needs.


   Remote Repository Modification
       Remote repository servers can deny modification attempts due  to  addi‐
       tional privilege checks. See NOTES.

EXAMPLES
       Example  1  Allow  user to modify system/cron services without becoming
       root.



       Running the following command, which records the authorization in
       /etc/user_attr, allows the user "johndoe" to restart, enable, disable,
       or otherwise change the state of the system/cron service without
       becoming root.


         usermod -A +solaris.smf.manage.cron johndoe



       Example 2 Allow user to modify any property on any service  and  modify
       system/cron services without becoming root.



       Running the following command, which records the authorizations in
       /etc/user_attr, allows the user "janedoe" to modify any property on any
       service, and to restart, enable, disable, or otherwise change the state
       of the system/cron service without becoming root.


         usermod -A +solaris.smf.modify,solaris.smf.manage.cron janedoe
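
       Added example, not part of the original man page: a shell function that reads user_attr(5)-format entries and reports which users hold the SMF authorizations and rights profiles described above, so that grants like those in Examples 1 and 2 can be reviewed for scope. The function names, scope labels and sample entries are constructed for illustration; the wildcard check assumes the trailing "*" form documented in user_attr(5).

```shell
#!/bin/sh
# Added example (not from the man page): list who holds SMF-related
# authorizations or rights profiles in user_attr(5)-format input.
# Output lines: <user> <SCOPE> <authorization or profile>
smf_auth_audit() {
    awk -F: '
    /^#/ || NF < 5 { next }              # skip comments and malformed lines
    {
        user = $1
        attr = $0                        # attr field may hold escaped colons,
        sub(/^[^:]*:[^:]*:[^:]*:[^:]*:/, "", attr)   # so cut the first four fields
        n = split(attr, kv, ";")         # key=value pairs separated by ";"
        for (i = 1; i <= n; i++) {
            eq = index(kv[i], "=")
            key = substr(kv[i], 1, eq - 1)
            m = split(substr(kv[i], eq + 1), vals, ",")
            for (j = 1; j <= m; j++) {
                if (key == "auths") classify(user, vals[j])
                else if (key == "profiles" && vals[j] ~ /^Service (Management|Operator)$/)
                    print user, "PROFILE", vals[j]
            }
        }
    }
    function classify(user, a) {
        if (a ~ /^solaris\.(smf\.)?\*$/ || a ~ /^solaris\.smf\.[a-z]+\.\*$/)
            print user, "WILDCARD", a        # wildcard form from user_attr(5)
        else if (a == "solaris.smf.modify" || a == "solaris.smf.manage")
            print user, "ALL-SERVICES", a    # not limited to one service
        else if (a ~ /^solaris\.smf\.modify\.(method|dependency|application|framework)$/)
            print user, "PG-TYPE", a         # one core property group type
        else if (a ~ /^solaris\.smf\.(manage|value)\../)
            print user, "PER-SERVICE", a     # conventional per-service grant
    }'
}

# Constructed sample entries, not taken from a real system.
sample_user_attr() {
    cat <<'EOF'
# user:qualifier:res1:res2:attr
root::::auths=solaris.*;profiles=All;audit_flags=lo\:no
johndoe::::auths=solaris.smf.manage.cron
janedoe::::auths=solaris.smf.modify,solaris.smf.manage.cron
svcop::::profiles=Service Operator,Basic Solaris User
dev1::::auths=solaris.smf.modify.application
EOF
}

sample_user_attr | smf_auth_audit
```

       On a live system the function would be fed the real file, for example smf_auth_audit < /etc/user_attr; authorizations inherited through other rights profiles are not expanded by this sketch.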



SEE ALSO
       auths(1),  profiles(1),  prof_attr(5),  user_attr(5),  rbac(7), smf(7),
       svccfg(8), usermod(8)

NOTES
       The present version of smf(7) does not support remote repositories.


       When a service is configured to be started as root but with  privileges
       different  from  limit_privileges,  the  resulting process is privilege
       aware. This can be surprising to developers  who  expect  seteuid(<non-
       zero UID>) to reduce privileges to basic or less.



Oracle Solaris 11.4               24 Mar 2020                  smf_security(7)
Copyright of the man page content belongs to the man page author.