I am sure someone will yell at me over this post, but honestly I have searched. It doesn't help that I am not sure what to search on.
Little background. Working at new company, Company has a program on a Unix box AIX.4. I know virtually nothing about Unix and Neither does anyone else here ... (1 Reply)
Hello,
My first post to the Unix forums, thanks for having me!
The division of the company I work for uses a xseries/redhat/VMWareServer
solution to make sure that we keep hardware overhead low and use our machines to as near capacity as we can. These boxes are Intel with usually
dual or... (1 Reply)
Hello guys, new here so please take it easy on me :-). Here is my issue. We use an application called Medical Manager and it runs on AIX. There is a user that is showing stuck with in the application. However when I try to run any of "ps" commands I don't see it. I need to kill this user and I... (2 Replies)
I need to do a switch user in an automated mode and do a ftp using that switched id.
Scenario:
initial login xx.
switch to user-yy without manually entering the password.
ftp some files from user yy to another user zz - automated mode.
Can any unix experts can help me for my above query? (1 Reply)
Dear Friends ,
I got a problem In our AIX 6.1 server . When I start or restart the machine I cannot Login the server . It shows a dialog box and shows some comments , those are :
>>
The DT messaging system could not be started .
To correct the problem :
1. Choose to return the login... (1 Reply)
Hi all,
I cannt use 'su' to login to root or any other users though everything seems ok. I read some articles that says if you do recursive chmod 777 on /usr it can create this problem.
I did the same. can anybody tell me how to repair it. Any ideas will be appreciated.
thnks (7 Replies)
Hello,
Sorry for my poor English.
I have to reduce rights for a user on AIX system so that:
When he does , he find in output, only filesystems on which he has permissions
.He can't do to change user.
Very thanks for helping. (2 Replies)
Hi,
I want to create a new user,and I want to give read permission to a folder which owned by root.
How can I do this?
thanks for your helps (4 Replies)
Hello,
I am curious that is there a way I can restrict a user or a set of users to execute the C/C++ compiler, basically what I want is to lock it down to a particular user and none of the other users should be able to compile any code.
Thanks in advance. (14 Replies)
Discussion started by: m6248m
14 Replies
LEARN ABOUT V7
profiles
profiles(1)profiles(1)NAME
profiles - print execution profiles for a user
SYNOPSIS
profiles [-l] [ user ...]
The profiles command prints on standard output the names of the execution profiles that have been assigned to you or to the optionally-
specified user or role name. Profiles are a bundling mechanism used to enumerate the commands and authorizations needed to perform a spe-
cific function. Along with each listed executable are the process attributes, such as the effective user and group IDs, with which the
process runs when started by a privileged command interpreter. The profile shells are pfcsh, pfksh, and pfexec. See the pfexec(1) man page.
Profiles can contain other profiles defined in prof_attr(4).
Multiple profiles can be combined to construct the appropriate access control. When profiles are assigned, the authorizations are added to
the existing set. If the same command appears in multiple profiles, the first occurrence, as determined by the ordering of the profiles, is
used for process-attribute settings. For convenience, a wild card can be specified to match all commands.
When profiles are interpreted, the profile list is loaded from user_attr(4). If any default profile is defined in /etc/security/policy.conf
(see policy.conf(4)), the list of default profiles are added to the list loaded from user_attr(4). Matching entries in prof_attr(4) provide
the authorizations list, and matching entries in exec_attr(4) provide the commands list.
The following options are supported:
-l Lists the commands in each profile followed by the special process attributes such as user and group IDs.
Example 1: Sample Output
The output of the profiles command has the following form:
example% profiles tester01 tester02
tester01 : Audit Management, All Commands
tester02 : Device Management, All Commands
example%
Example 2: Using the list Option
example% profiles -l tester01 tester02
tester01 :
Audit Management:
/usr/sbin/audit euid=root
/usr/sbin/auditconfig euid=root egid=sys
All Commands:
*
tester02 :
Device Management:
/usr/bin/allocate: euid=root
/usr/bin/deallocate: euid=root
All Commands
*
example%
The following exit values are returned:
0 Successful completion.
1 An error occurred.
/etc/security/exec_attr
/etc/security/prof_attr
/etc/user_attr
/etc/security/policy.conf
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
auths(1), pfexec(1), roles(1), getprofattr(3SECDB), exec_attr(4), policy.conf(4), prof_attr(4), user_attr(4), attributes(5)
11 Feb 2000 profiles(1)