|
1 # |
|
2 # CDDL HEADER START |
|
3 # |
|
4 # The contents of this file are subject to the terms of the |
|
5 # Common Development and Distribution License (the "License"). |
|
6 # You may not use this file except in compliance with the License. |
|
7 # |
|
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
9 # or http://www.opensolaris.org/os/licensing. |
|
10 # See the License for the specific language governing permissions |
|
11 # and limitations under the License. |
|
12 # |
|
13 # When distributing Covered Code, include this CDDL HEADER in each |
|
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
15 # If applicable, add the following below this CDDL HEADER, with the |
|
16 # fields enclosed by brackets "[]" replaced with your own identifying |
|
17 # information: Portions Copyright [yyyy] [name of copyright owner] |
|
18 # |
|
19 # CDDL HEADER END |
|
20 # |
|
21 |
|
22 # |
|
23 # Copyright 2008 Sun Microsystems, Inc. All rights reserved. |
|
24 # Use is subject to license terms. |
|
25 # |
|
26 # ident "@(#)prof_attr.txt 1.47 08/05/14 SMI" |
|
27 # |
|
28 |
|
29 # |
|
30 # /etc/security/prof_attr |
|
31 # |
|
32 # profiles attributes. see prof_attr(4) |
|
33 # |
|
34 All:::Execute any command as the user or role:help=RtAll.html |
|
35 Apache 22 Administration::::auths=solaris.smf.manage.http/apache22,solaris.smf.value.http/apache22 |
|
36 Application Server Management:::Administrator of Application Server: |
|
37 Audit Control:::Configure Solaris Auditing:auths=solaris.audit.config,solaris.jobs.admin,solaris.admin.logsvc.purge,solaris.admin.logsvc.read;help=RtAuditCtrl.html |
|
38 Audit Review:::Review Solaris Auditing logs:auths=solaris.audit.read;help=RtAuditReview.html |
|
39 Basic Actions:::A minimum set of actions necessary to login through the Common Desktop Environment and perform simple operations.:help=RtBasicActions.html |
|
40 Basic Solaris User:::Automatically assigned rights:auths=solaris.profmgr.read,solaris.jobs.user,solaris.mail.mailq,solaris.device.mount.removable,solaris.admin.usermgr.read,solaris.admin.logsvc.read,solaris.admin.fsmgr.read,solaris.admin.serialmgr.read,solaris.admin.diskmgr.read,solaris.admin.procmgr.user,solaris.compsys.read,solaris.admin.printer.read,solaris.admin.prodreg.read,solaris.admin.dcmgr.read,solaris.snmp.read,solaris.project.read,solaris.admin.patchmgr.read,,solaris.network.hosts.read,solaris.admin.volmgr.read;profiles=All;help=RtDefault.html |
|
41 Brightness:::For authorized users to Control LCD Brightness:auths=solaris.system.power.brightness;help=RtSysPowerMgmtBrightness.html |
|
42 CPU Power Management:::For authorized users to manage CPU Power:auths=solaris.system.power.cpu;help=RtCPUPowerManagement.html |
|
43 CUPS Administration::::auths=solaris.smf.manage.cups |
|
44 Console User:::Manage System as the Console User:profiles=Suspend To RAM,Suspend To Disk,Brightness,CPU Power Management;auths=solaris.system.shutdown;help=RtConsUser.html |
|
45 Contract Observer:::Reliably observe any/all contract events:help=RtContractObserver.html |
|
46 Cron Management:::Manage at and cron jobs:auths=solaris.jobs.*,solaris.smf.manage.cron;help=RtCronMngmnt.html |
|
47 Crypto Management:::Cryptographic Framework Administration:help=RtCryptoMngmnt.html |
|
48 D-BUS Management:::Manage D-BUS:auths=solaris.smf.manage.dbus;help=RtDBUSMngmnt.html |
|
49 DAT Administration:::Manage the DAT configuration:help=RtDatAdmin.html |
|
50 DHCP Management:::Manage the DHCP service:auths=solaris.dhcpmgr.*;help=RtDHCPMngmnt.html |
|
51 Desktop Configuration:::Configure graphical desktop software:auths=solaris.smf.manage.x11,solaris.smf.manage.font,solaris.smf.manage.dt.login |
|
52 Device Management:::Control Access to Removable Media:auths=solaris.device.*,solaris.admin.serialmgr.*;help=RtDeviceMngmnt.html |
|
53 Device Security:::Manage devices and Volume Manager:auths=solaris.device.*,solaris.smf.manage.dt.login,solaris.admin.serialmgr.*;help=RtDeviceSecurity.html |
|
54 FTP Management:::Manage the FTP server:help=RtFTPMngmnt.html |
|
55 File System Management:::Manage, mount, share file systems:profiles=SMB Management,VSCAN Management,SMBFS Management;auths=solaris.smf.manage.autofs,solaris.smf.manage.shares.*,solaris.smf.value.shares.*,solaris.admin.fsmgr.*,solaris.admin.diskmgr.*,solaris.admin.volmgr.*;help=RtFileSysMngmnt.html |
|
56 File System Security:::Manage file system security attributes:help=RtFileSysSecurity.html;auths=solaris.admin.fsmgr.*,solaris.admin.diskmgr.*,solaris.admin.volmgr.* |
|
57 HAL Management:::Manage HAL SMF service:auths=solaris.smf.manage.hal;help=RtHALMngmnt.html |
|
58 IP Filter Management:::IP Filter Administration:help=RtIPFilterMngmnt.html |
|
59 ISCSI Target Administration:::Configure ISCSI Target service:auths=solaris.smf.modify.iscsitgt,solaris.smf.read.iscsitgt,solaris.smf.value.iscsitgt |
|
60 ISCSI Target Management:::Start/Stop ISCSI Target service:auths=solaris.smf.manage.iscsitgt |
|
61 ISNS Server Management:::Manage ISNS server:auths=solaris.smf.manage.isns,solaris.smf.value.isns,solaris.isnsmgr.write |
|
62 Idmap Name Mapping Management:::Manage Name-based Mapping Rules of Identity Mapping Service:auths=solaris.admin.idmap.rules;help=RtIdmapNameRulesMngmnt.html |
|
63 Idmap Service Management:::Manage Identity Mapping Service:auths=solaris.smf.manage.idmap,solaris.smf.value.idmap;help=RtIdmapMngmnt.html |
|
64 Inetd Management:::Manage inetd configuration parameters:auths=solaris.smf.manage.inetd,solaris.smf.value.inetd;help=RtInetdMngmnt.html |
|
65 Information Security:::Maintains MAC and DAC security policies:profiles=Device Security,File System Security,Name Service Security,Network Security,Object Access Management,Object Label Management;help=RtInfoSec.html |
|
66 Kerberos Client Management:::Maintain and Administer Kerberos excluding the servers:help=RtKerberosClntMngmnt.html |
|
67 Kerberos Server Management:::Maintain and Administer Kerberos Servers:profiles=Kerberos Client Management;help=RtKerberosSrvrMngmnt.html |
|
68 Log Management:::Manage log files:help=RtLogMngmnt.html |
|
69 Mail Management:::Manage sendmail & queues:auths=solaris.smf.manage.sendmail;help=RtMailMngmnt.html |
|
70 Maintenance and Repair:::Maintain and repair a system:auths=solaris.smf.manage.system-log,solaris.label.range,solaris.admin.logsvc.write,solaris.admin.logsvc.read,solaris.compsys.write,solaris.compsys.read,solaris.system.shutdown;help=RtMaintAndRepair.html |
|
71 Media Backup:::Backup files and file systems:profiles=NDMP Management;help=RtMediaBkup.html |
|
72 Media Restore:::Restore files and file systems from backups:profiles=NDMP Management;help=RtMediaRestore.html |
|
73 Memcached Administration::::auths=solaris.smf.manage.memcached,solaris.smf.value.memcached |
|
74 MySQL Administration::::auths=solaris.smf.manage.mysql/version_50,solaris.smf.value.mysql/version_50 |
|
75 NDMP Management:::Manage the NDMP service:auths=solaris.smf.manage.ndmp,solaris.smf.value.ndmp,solaris.smf.read.ndmp;help=RtNdmpMngmnt.html |
|
76 Name Service Management:::Non-security name service scripts/commands:help=RtNameServiceAdmin.html |
|
77 Name Service Security:::Security related name service scripts/commands:help=RtNameServiceSecure.html |
|
78 Network IPsec Management:::Manage IPsec and IKE:auths=solaris.smf.manage.ipsec,solaris.smf.value.ipsec;help=RtNetIPsec.html |
|
79 Network Link Security:::Manage network link security:auths=solaris.network.link.security;help=RtNetLinkSecure.html |
|
80 Network Management:::Manage the host and network configuration:auths=solaris.smf.manage.name-service-cache,solaris.smf.manage.bind,solaris.smf.value.routing,solaris.smf.manage.routing,solaris.smf.value.nwam,solaris.smf.manage.nwam,solaris.smf.manage.tnd,solaris.smf.manage.tnctl,solaris.smf.manage.wpa,solaris.smf.value.mdns,solaris.smf.manage.mdns,solaris.admin.dcmgr.clients,solaris.admin.dcmgr.read,solaris.snmp.*,solaris.network.hosts.*;profiles=Network Wifi Management,Inetd Management;help=RtNetMngmnt.html |
|
81 Network Security:::Manage network and host security:auths=solaris.smf.manage.ssh,solaris.smf.value.tnd,solaris.network.*;profiles=Network Wifi Security,Network Link Security,Network IPsec Management;help=RtNetSecure.html |
|
82 Network Wifi Management:::Manage wifi network configuration:auths=solaris.network.wifi.config;help=RtNetWifiMngmnt.html |
|
83 Network Wifi Security:::Manage wifi network security:auths=solaris.network.wifi.wep;help=RtNetWifiSecure.html |
|
84 Object Access Management:::Change ownership and permission on files:help=RtObAccessMngmnt.html |
|
85 Object Label Management:::Change labels on files.:auths=solaris.device.allocate,solaris.label.file.downgrade,solaris.label.win.downgrade,solaris.label.win.upgrade,solaris.label.file.upgrade,solaris.label.range,solaris.smf.manage.labels;help=RtObjectLabelMngmnt.html |
|
86 Operator:::Can perform simple administrative tasks:profiles=Printer Management,Media Backup,All;help=RtOperator.html |
|
87 Outside Accred:::Allow a user to operate outside the user accreditation range.:auths=solaris.label.range;help=RtOutsideAccred.html |
|
88 Postgres Administration::::auths=solaris.smf.manage.postgres,solaris.smf.value.postgres |
|
89 Primary Administrator:::Can perform all administrative tasks:auths=solaris.*,solaris.grant;help=RtPriAdmin.html |
|
90 Printer Management:::Manage printers, daemons, spooling:auths=solaris.print.*,solaris.label.print,solaris.smf.manage.discovery.printers.*,solaris.smf.value.discovery.printers.*,solaris.admin.printer.read,solaris.admin.printer.modify,solaris.admin.printer.delete;help=RtPrntAdmin.html |
|
91 Process Management:::Manage current processes and processors:auths=solaris.smf.manage.cron,solaris.smf.manage.power,solaris.admin.procmgr.*;help=RtProcManagement.html |
|
92 Project Management:::Manage Solaris projects:help=RtProjManagement.html;auths=solaris.project.read,solaris.project.write |
|
93 Rights Delegation:::Delegate ability to assign rights to users and roles:auths=solaris.role.delegate,solaris.profmgr.delegate,solaris.grant;help=RtRightsDelegate.html |
|
94 Rmvolmgr Management:::Manage Removable Volume Manager SMF service:auths=solaris.smf.manage.rmvolmgr;help=RtRmvolmgrMngmnt.html |
|
95 SMB Management:::Manage the SMB service:auths=solaris.smf.manage.smb,solaris.smf.value.smb,solaris.smf.read.smb;help=RtSMBMngmnt.html |
|
96 SMBFS Management:::Manage the SMB client:auths=solaris.smf.manage.smbfs,solaris.smf.value,solaris.smf.modify.application;help=RtSMBFSMngmnt.html |
|
97 STMF Administration:::Configure STMF service:auths=solaris.smf.modify.application |
|
98 STMF Management:::Start/Stop STMF service:auths=solaris.smf.manage.stmf |
|
99 Service Management:::Manage services:auths=solaris.smf.manage,solaris.smf.modify |
|
100 Service Operator:::Administer services:auths=solaris.smf.manage,solaris.smf.modify.framework |
|
101 Software Installation:::Add application software to the system:help=RtSoftwareInstall.html;auths=solaris.admin.prodreg.read,solaris.admin.prodreg.modify,solaris.admin.prodreg.delete,solaris.admin.dcmgr.admin,solaris.admin.dcmgr.read,solaris.admin.patchmgr.*,solaris.smf.manage.servicetags;profiles=ZFS File System Management |
|
102 Suspend To Disk:::For authorized users to Suspend to Disk:auths=solaris.system.power.suspend.disk;help=RtSysPowerMgmtSuspendToDisk.html |
|
103 Suspend To RAM:::For authorized users to Suspend to RAM:auths=solaris.system.power.suspend.ram;help=RtSysPowerMgmtSuspendToRAM.html |
|
104 Suspend:::For authorized users to Suspend system:auths=solaris.system.power.suspend.*;help=RtSysPowerMgmtSuspend.html |
|
105 System Administrator:::Can perform most non-security administrative tasks:profiles=Audit Review,Printer Management,Cron Management,Device Management,File System Management,Mail Management,Maintenance and Repair,Media Backup,Media Restore,Name Service Management,Network Management,Object Access Management,Process Management,Software Installation,User Management,Project Management,All;help=RtSysAdmin.html |
|
106 System Event Management:::Manage system events and system event channels:help=RtSysEvMngmnt.html |
|
107 System Power:::For authorized users to manage system power:auths=solaris.system.power.*;help=RtSysPowerMgmt.html |
|
108 User Management:::Manage users, groups, home directory:auths=solaris.profmgr.read,solaris.admin.usermgr.write,solaris.admin.usermgr.read;help=RtUserMngmnt.html |
|
109 User Security:::Manage passwords, clearances:auths=solaris.role.*,solaris.profmgr.*,solaris.label.range,solaris.admin.usermgr.*;help=RtUserSecurity.html |
|
110 VSCAN Management:::Manage the VSCAN service:auths=solaris.smf.manage.vscan,solaris.smf.value.vscan,solaris.smf.modify.application;help=RtVscanMngmnt.html |
|
111 Web Console Management:::Administrator of Sun Java Web Console: |
|
112 ZFS File System Management:::Create and Manage ZFS File Systems:help=RtZFSFileSysMngmnt.html |
|
113 ZFS Storage Management:::Create and Manage ZFS Storage Pools:help=RtZFSStorageMngmnt.html |
|
114 Zone Management:::Zones Virtual Application Environment Administration:help=RtZoneMngmnt.html |
|
115 dtwm:::Do not assign to users. Actions and commands required for the window manager (dtwm).:help=Rtdtwm.html |
|
116 shutdown:::Do not assign to users. Contains actions requiring shutdown authorization.:auths=solaris.system.shutdown;help=Rtshutdown.html |