What command did you use to assign profile to user account? Anyway, from usermod man page:
Code:
Example 5 Removing All Profiles from a User
The following command removes all profiles that were granted to a user directly. The user will still have any rights profiles that are granted by means of the PROFS_GRANTED key in policy.conf(4).
# usermod -P "" jdoe
hello all
say im logged in to account ar root , but I can't change any thing there ( like username )
if someone is already logged in also . how can I know who is ( user name ) also connected to the user im using ? (2 Replies)
guys
i have a unix user (say "x") which is also an application owner ..thru this user i manage most (90 %) of my tasks related to application i.e application down/up,processes stop/start etc..in short i manage my "tuxedo" via this user..
now
i want a new user to be created (on my name) which... (7 Replies)
I am running a serverapplication on a HP-UX machine where I need to handle some of the commands as a specified user called "druser".
When I log on as this user with the command;
sudo -u druser -sit starts an instance of the shell as that user.
However, it doesn't load that users .profile from... (1 Reply)
Hello,
My DBAs are connecting to the unix servers with ORACLE account.
I would like to create for each one of them a private user .
Only after connecting in ther private user allow them to su -oracle .
My problem is that i need to prevent them from connecting remothly with SSH as oracle user.... (1 Reply)
Hi Team,
Thank you for your time.
i have a situation where the user IDs of the applicatio users have been locked down to Read only.
Hence I am writing a script to invoke their old .profile every time they login.
My problem is : when i run . $userpath/.profile from within the ksh script... (9 Replies)
The .profile file should be read when the user logs in. So, there should be no need to execute .profile file again in a cron job (since the cron job is run after the user logs in). Doesn't the cron require login from the user. Then, from where does the cron execute? Please help!! (1 Reply)
Hello, I find out that there is a way from putty to pass a command to your shell when trying to log in to a server and bypass .profile. Actually you can do this if you open a bash shell. The command to bypass .profile is the following: ssh -t hostname "bash --noprofile" Is there a way to... (32 Replies)
Hello and thanks in advance for anyone that can offer me any help with this!
I'm trying to figure out a quick & easy way to see a list of everyone's effective user id... I would have thought 'w' or 'who' would be able to display if someone had switched user accounts... but it's only showing the... (3 Replies)
Discussion started by: bodisha
3 Replies
LEARN ABOUT PLAN9
profiles
profiles(1)profiles(1)NAME
profiles - print execution profiles for a user
SYNOPSIS
profiles [-l] [ user ...]
The profiles command prints on standard output the names of the execution profiles that have been assigned to you or to the optionally-
specified user or role name. Profiles are a bundling mechanism used to enumerate the commands and authorizations needed to perform a spe-
cific function. Along with each listed executable are the process attributes, such as the effective user and group IDs, with which the
process runs when started by a privileged command interpreter. The profile shells are pfcsh, pfksh, and pfexec. See the pfexec(1) man page.
Profiles can contain other profiles defined in prof_attr(4).
Multiple profiles can be combined to construct the appropriate access control. When profiles are assigned, the authorizations are added to
the existing set. If the same command appears in multiple profiles, the first occurrence, as determined by the ordering of the profiles, is
used for process-attribute settings. For convenience, a wild card can be specified to match all commands.
When profiles are interpreted, the profile list is loaded from user_attr(4). If any default profile is defined in /etc/security/policy.conf
(see policy.conf(4)), the list of default profiles are added to the list loaded from user_attr(4). Matching entries in prof_attr(4) provide
the authorizations list, and matching entries in exec_attr(4) provide the commands list.
The following options are supported:
-l Lists the commands in each profile followed by the special process attributes such as user and group IDs.
Example 1: Sample Output
The output of the profiles command has the following form:
example% profiles tester01 tester02
tester01 : Audit Management, All Commands
tester02 : Device Management, All Commands
example%
Example 2: Using the list Option
example% profiles -l tester01 tester02
tester01 :
Audit Management:
/usr/sbin/audit euid=root
/usr/sbin/auditconfig euid=root egid=sys
All Commands:
*
tester02 :
Device Management:
/usr/bin/allocate: euid=root
/usr/bin/deallocate: euid=root
All Commands
*
example%
The following exit values are returned:
0 Successful completion.
1 An error occurred.
/etc/security/exec_attr
/etc/security/prof_attr
/etc/user_attr
/etc/security/policy.conf
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
auths(1), pfexec(1), roles(1), getprofattr(3SECDB), exec_attr(4), policy.conf(4), prof_attr(4), user_attr(4), attributes(5)
11 Feb 2000 profiles(1)