04-11-2008
That's it.
I didn't provide a prof_attr sample line. Something like that one will do.
runid:::run the id command as root:
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
I know we can create a normal UserID with "root" priviledges by assigning the user into the "root" group. As such, everything that is modified by the UserID will also contain "root" as the group and ID. This is return causes less tracability on who made the change onto a certain file, etc.
My... (3 Replies)
Discussion started by: Alvin
3 Replies
2. Solaris
Hi Friends,
Can anyone tell me how can I set the password age limit for root user to 14 days....???
Also would like to add following for root password;
min-alpha --- 4
min-other --- 1
min-length -- 6
min-diff ----- 3
How can I do these on command line....???
Regards,
jumadhiya (7 Replies)
Discussion started by: jumadhiya
7 Replies
3. UNIX for Advanced & Expert Users
I would like to know the difference between the real user-id and the
effective user-id. If user-A runs a program owned by user-B then
which is the real user-id and which is the effective user-id ? (1 Reply)
Discussion started by: sundaresh
1 Replies
4. Shell Programming and Scripting
I have a file contains
TASK gsnmpproxy {
CommandLine = $SMCHOME/bin/gsnmpProxy.exe
}
TASK gsnmpdbgui {
CommandLine = $SMCHOME/bin/gsnmpdbgui.exe
I would like to comment and than uncomment specific task eg TASK gsnmpproxy
Pls suggest how to do in shell script (9 Replies)
Discussion started by: madhusmita
9 Replies
5. Shell Programming and Scripting
I have an task definition listing xml file that contains a list of tasks such as
<TASKLIST
<TASK definition="Completion date" id="Taskname1" Some other
<CODE name="Code12"
<Parameter pname="Dog" input="5.6" units="feet" etc /Parameter>
<Parameter... (3 Replies)
Discussion started by: MissI
3 Replies
6. UNIX for Dummies Questions & Answers
questions:
a. where can I customized the password of userid in solaris? say I wanted 10digits long, all caps?
thanks (4 Replies)
Discussion started by: lhareigh890
4 Replies
7. Cybersecurity
How to limit patchadd command to root user only?
I'm running a solaris 10 5/09 server, I have 2 users other than root. One being able to use the patchadd command and one is unable to do so. What I'm trying to do is to limit the patchadd command so that only root is able to run it. (7 Replies)
Discussion started by: ShouTenraku
7 Replies
8. Solaris
Hi all, I'm using to Solaris machine. When I run a simple script this messenger come out:"limit: stacksize: Can't remove limit". Any one know the way to resolve this problem without reboot the machine?
Thanks in advance. (3 Replies)
Discussion started by: Diabolist9
3 Replies
9. Solaris
Hi All
After downloading ZFS documentation from oracle site, I am able to successfully migrate UFS root FS without zones to ZFS root FS. But in case of UFS root file system with zones , I am successfully able to migrate global zone to zfs root file system but zone are still in UFS root file... (2 Replies)
Discussion started by: sb200
2 Replies
10. Red Hat
Hi team,
I tried to modify the /etc/security/limits.conf file to limit the root user for more one login. I added the line in limits.conf file like:
@root hard maxlogins 1
I also tried to modify /etc/ssh/sshd_config to limit the root userlogin by adding this:
... (10 Replies)
Discussion started by: leo_ultra_leo
10 Replies
profiles(1) profiles(1)
NAME
profiles - print execution profiles for a user
SYNOPSIS
profiles [-l] [ user ...]
The profiles command prints on standard output the names of the execution profiles that have been assigned to you or to the optionally-
specified user or role name. Profiles are a bundling mechanism used to enumerate the commands and authorizations needed to perform a spe-
cific function. Along with each listed executable are the process attributes, such as the effective user and group IDs, with which the
process runs when started by a privileged command interpreter. The profile shells are pfcsh, pfksh, and pfexec. See the pfexec(1) man page.
Profiles can contain other profiles defined in prof_attr(4).
Multiple profiles can be combined to construct the appropriate access control. When profiles are assigned, the authorizations are added to
the existing set. If the same command appears in multiple profiles, the first occurrence, as determined by the ordering of the profiles, is
used for process-attribute settings. For convenience, a wild card can be specified to match all commands.
When profiles are interpreted, the profile list is loaded from user_attr(4). If any default profile is defined in /etc/security/policy.conf
(see policy.conf(4)), the list of default profiles are added to the list loaded from user_attr(4). Matching entries in prof_attr(4) provide
the authorizations list, and matching entries in exec_attr(4) provide the commands list.
The following options are supported:
-l Lists the commands in each profile followed by the special process attributes such as user and group IDs.
Example 1: Sample Output
The output of the profiles command has the following form:
example% profiles tester01 tester02
tester01 : Audit Management, All Commands
tester02 : Device Management, All Commands
example%
Example 2: Using the list Option
example% profiles -l tester01 tester02
tester01 :
Audit Management:
/usr/sbin/audit euid=root
/usr/sbin/auditconfig euid=root egid=sys
All Commands:
*
tester02 :
Device Management:
/usr/bin/allocate: euid=root
/usr/bin/deallocate: euid=root
All Commands
*
example%
The following exit values are returned:
0 Successful completion.
1 An error occurred.
/etc/security/exec_attr
/etc/security/prof_attr
/etc/user_attr
/etc/security/policy.conf
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
auths(1), pfexec(1), roles(1), getprofattr(3SECDB), exec_attr(4), policy.conf(4), prof_attr(4), user_attr(4), attributes(5)
11 Feb 2000 profiles(1)