Unix/Linux Go Back    

OpenSolaris 2009.06 - man page for smf_security (opensolaris section 5)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)

smf_security(5) 	       Standards, Environments, and Macros		  smf_security(5)

       smf_security - service management facility security behavior

       The  configuration  subsystem for the service management facility, smf(5), requires privi-
       lege to modify the configuration of a service. Privileges are granted to a user by associ-
       ating   the   authorizations   described  below	to  the  user  through	user_attr(4)  and
       prof_attr(4). See rbac(5).

       The following authorization is used to manipulate services and service instances.

       solaris.smf.modify    Authorized to add, delete, or modify services, service instances, or
			     their properties, and to read protected property values.

   Property Group Authorizations
       The  smf(5)  configuration  subsystem  associates properties with each service and service
       instance. Related properties are grouped. Groups can represent an execution  method,  cre-
       dential information, application data, or restarter state. The ability to create or modify
       property groups can cause smf(5) components to perform actions that can require	operating
       system privilege. Accordingly, the framework requires appropriate authorization to manipu-
       late property groups.

       Each property group has a type corresponding to its purpose. The core property group types
       are method, dependency, application, and framework. Additional property group types can be
       introduced, provided they conform to the extended naming convention in smf(5). The follow-
       ing basic authorizations, however, apply only to the core property group types:


	   Authorized  to  change  values  or  create, delete, or modify a property group of type


	   Authorized to change values or create, delete, or modify  a	property  group  of  type


	   Authorized  to  change  values, read protected values, and create, delete, or modify a
	   property group of type application.


	   Authorized to change values or create, delete, or modify  a	property  group  of  type


	   Authorized to add, delete, or modify services, service instances, or their properties,
	   and to read protected property values.

       Property group-specific authorization can be specified  by  properties  contained  in  the
       property group.

       modify_authorization    Authorizations  allow  the  addition, deletion, or modification of
			       properties within the property group, and the retrieval	of  prop-
			       erty values from the property group if protected.

       value_authorization     Authorizations  allow  changing	the values of any property of the
			       property group except modify_authorization, and the  retrieval  of
			       any  property values except modify_authorization from the property
			       group if protected.

       read_authorization      Authorizations allow the retrieval of property values  within  the
			       property group. The presence of a string-valued property with this
			       name identifies the containing property group as  protected.  This
			       property  has  no  effect  on  property groups of types other than
			       application. See Protected Property Groups.

       The above authorization properties are only used if they have type astring. If an instance
       property group does not have one of the properties, but the instance's service has a prop-
       erty group of the same name with the property, its values are used.

   Protected Property Groups
       Normally, all property values in the repository can be read by any user	without  explicit
       authorization. Property groups of non-framework types can be used to store properties with
       values that require protection. They must not be revealed except  upon  proper  authoriza-
       tion. A property group's status as protected is indicated by the presence of a string-val-
       ued read_authorization property. If this property is present, the values of all properties
       in the property group is retrievable only as described in Property Group Authorizations.

       Administrative  domains	with  policies	that prohibit backup of data considered sensitive
       should exclude the SMF repository databases from their backups. In the face of such a pol-
       icy,  non-protected  property values can be backed up by using the svccfg(1M) archive com-
       mand to create an archive of the repository without protected property values.

   Service Action Authorization
       Certain actions on service instances can result in service interruption	or  deactivation.
       These  actions require an authorization to ensure that any denial of service is a deliber-
       ate administrative action. Such actions include a request for execution of the refresh  or
       restart methods, or placement of a service instance in the maintenance or other non-opera-
       tional state. The following authorization allows such actions to be requested:

       solaris.smf.manage    Authorized to request restart, refresh, or other state  modification
			     of any service instance.

       In  addition,  the general/action_authorization property can specify additional authoriza-
       tions that permit  service  actions  to	be  requested  for  that  service  instance.  The
       solaris.smf.manage authorization is required to modify this property.

   Defined Rights Profiles
       Two  rights profiles are included that offer grouped authorizations for manipulating typi-
       cal smf(5) operations.

       Service Management    A service manager can manipulate any service in  the  repository  in
			     any    way.   It	corresponds   to   the	 solaris.smf.manage   and
			     solaris.smf.modify authorizations.

			     The service management profile is the minimum required  to  use  the
			     pkgadd(1M)  or pkgrm(1M) commands to add or remove software packages
			     that contain an inventory of services in its service manifest.

       Service Operator      A service operator has the ability to enable or disable any  service
			     instance  on  the	system,  as  well  as request that its restart or
			     refresh method be executed. It corresponds to the solaris.smf.manage
			     and solaris.smf.modify.framework authorizations.

			     Sites  can  define  additional  rights  profiles customized to their

   Remote Repository Modification
       Remote repository servers can deny  modification  attempts  due	to  additional	privilege
       checks. See NOTES.

       auths(1),  profiles(1),	pkgadd(1M),  pkgrm(1M),  svccfg(1M),  prof_attr(4), user_attr(4),
       rbac(5), smf(5)

       The present version of smf(5) does not support remote repositories.

SunOS 5.11				   13 Sep 2007				  smf_security(5)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums

All times are GMT -4. The time now is 09:52 AM.