| blob | 3dab7718f2a5962038e0b4f6751e6cccfeb57e83 |
1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
22 # Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
23 #
24 # /etc/security/exec_attr
25 #
26 # execution attributes for profiles. see exec_attr(4)
27 #
28 #
29 All:suser:cmd:::*:
30 Audit Control:solaris:cmd:::/usr/sbin/audit:privs=proc_owner,sys_audit
31 Audit Configuration:solaris:::/usr/sbin/auditconfig:privs=sys_audit
32 Audit Review:solaris:cmd:::/usr/sbin/auditreduce:euid=0
33 Audit Review:solaris:cmd:::/usr/sbin/auditstat:privs=proc_audit
34 Audit Review:solaris:cmd:::/usr/sbin/praudit:privs=file_dac_read
35 Contract Observer:solaris:cmd:::/usr/bin/ctwatch:\
36 privs=contract_event,contract_observer
37 Cron Management:suser:cmd:::/usr/bin/crontab:euid=0
38 Crypto Management:suser:cmd:::/usr/sbin/cryptoadm:euid=0
39 Crypto Management:suser:cmd:::/usr/bin/kmfcfg:euid=0
40 Crypto Management:suser:cmd:::/usr/sfw/bin/openssl:euid=0
41 Crypto Management:suser:cmd:::/usr/sfw/bin/CA.pl:euid=0
42 DHCP Management:suser:cmd:::/usr/lib/inet/dhcp/svcadm/dhcpconfig:uid=0
43 DHCP Management:suser:cmd:::/usr/lib/inet/dhcp/svcadm/dhtadm:uid=0
44 DHCP Management:suser:cmd:::/usr/lib/inet/dhcp/svcadm/pntadm:uid=0
45 Device Management:suser:cmd:::/usr/sbin/allocate:uid=0
46 Device Management:suser:cmd:::/usr/sbin/add_drv:uid=0
47 Device Management:suser:cmd:::/usr/sbin/deallocate:uid=0
48 Device Management:suser:cmd:::/usr/sbin/rem_drv:uid=0
49 Device Management:suser:cmd:::/usr/sbin/update_drv:uid=0
50 Device Security:suser:cmd:::/usr/sbin/add_drv:uid=0
51 Device Security:suser:cmd:::/usr/sbin/devfsadm:uid=0
52 Device Security:suser:cmd:::/usr/sbin/eeprom:uid=0
53 Device Security:solaris:cmd:::/usr/bin/kbd:uid=0;gid=sys
54 Device Security:suser:cmd:::/usr/sbin/list_devices:euid=0
55 Device Security:suser:cmd:::/usr/sbin/rem_drv:uid=0
56 Device Security:suser:cmd:::/usr/sbin/strace:euid=0
57 Device Security:suser:cmd:::/usr/sbin/update_drv:uid=0
58 Device Security:suser:cmd:::/usr/sbin/add_allocatable:euid=0
59 Device Security:suser:cmd:::/usr/sbin/remove_allocatable:euid=0
60 FTP Management:suser:cmd:::/usr/sbin/ftpaddhost:uid=0
61 FTP Management:suser:cmd:::/usr/sbin/ftpconfig:uid=0
62 FTP Management:suser:cmd:::/usr/sbin/ftprestart:euid=0
63 FTP Management:suser:cmd:::/usr/sbin/ftpshut:euid=0;egid=sys
64 FTP Management:suser:cmd:::/usr/sbin/privatepw:uid=0;egid=sys
65 File System Management:solaris:cmd:::/sbin/mount:privs=sys_mount
66 File System Management:solaris:cmd:::/sbin/umount:privs=sys_mount
67 File System Management:suser:cmd:::/usr/bin/eject:euid=0
68 File System Management:suser:cmd:::/usr/bin/mkdir:euid=0
69 File System Management:suser:cmd:::/usr/bin/rmdir:euid=0
70 File System Management:suser:cmd:::/usr/lib/autofs/automountd:euid=0
71 File System Management:suser:cmd:::/usr/lib/fs/autofs/automount:euid=0
72 File System Management:suser:cmd:::/usr/lib/fs/nfs/showmount:euid=0
73 File System Management:suser:cmd:::/usr/lib/fs/ufs/fsirand:euid=0
74 File System Management:suser:cmd:::/usr/lib/fs/ufs/newfs:euid=0
75 File System Management:suser:cmd:::/usr/lib/fs/ufs/tunefs:uid=0
76 File System Management:suser:cmd:::/usr/sbin/clri:euid=0
77 File System Management:suser:cmd:::/usr/sbin/devinfo:euid=0
78 File System Management:suser:cmd:::/usr/sbin/dfmounts:euid=0
79 File System Management:suser:cmd:::/usr/sbin/dfshares:euid=0
80 File System Management:suser:cmd:::/usr/sbin/ff:euid=0
81 File System Management:suser:cmd:::/usr/sbin/format:euid=0
82 File System Management:suser:cmd:::/usr/sbin/fsck:euid=0
83 File System Management:suser:cmd:::/usr/sbin/fsdb:euid=0
84 File System Management:suser:cmd:::/usr/sbin/fstyp:euid=0
85 File System Management:suser:cmd:::/usr/sbin/fuser:euid=0
86 File System Management:solaris:cmd:::/usr/sbin/iscsiadm:euid=0;privs=basic
87 File System Management:suser:cmd:::/usr/sbin/mkfile:euid=0
88 File System Management:suser:cmd:::/usr/sbin/mkfs:euid=0
89 File System Management:suser:cmd:::/usr/sbin/mount:uid=0
90 File System Management:suser:cmd:::/usr/sbin/mountall:uid=0
91 File System Management:solaris:cmd:::/usr/sbin/mpathadm:privs=sys_devices
92 File System Management:solaris:cmd:::/usr/sbin/quotacheck:uid=0;gid=sys
93 File System Management:solaris:cmd:::/usr/sbin/quotaoff:uid=0;gid=sys
94 File System Management:solaris:cmd:::/usr/sbin/quotaon:uid=0;gid=sys
95 File System Management:solaris:cmd:::/usr/sbin/raidctl:privs=sys_config,sys_devices;euid=0
96 File System Management:suser:cmd:::/usr/sbin/ramdiskadm:euid=0
97 File System Management:solaris:cmd:::/usr/sbin/sasinfo:privs=sys_devices
98 File System Management:solaris:cmd:::/usr/sbin/sbdadm:privs=sys_devices
99 File System Management:suser:cmd:::/usr/sbin/share:uid=0;gid=root
100 File System Management:suser:cmd:::/usr/sbin/sharemgr:uid=0;gid=root
101 File System Management:suser:cmd:::/usr/sbin/shareall:uid=0;gid=root
102 File System Management:solaris:cmd:::/usr/sbin/stmfadm:privs=sys_devices
103 File System Management:suser:cmd:::/usr/sbin/swap:euid=0
104 File System Management:suser:cmd:::/usr/sbin/umount:uid=0
105 File System Management:suser:cmd:::/usr/sbin/umountall:uid=0
106 File System Management:suser:cmd:::/usr/sbin/unshare:uid=0;gid=root
107 File System Management:suser:cmd:::/usr/sbin/unshareall:uid=0;gid=root
108 Forced Privilege:solaris:cmd:::/usr/bin/newtask:\
109 privs=proc_taskid,sys_resource,sys_res_config,proc_priocntl
110 Forced Privilege:solaris:cmd:::/usr/bin/rcp:privs=net_privaddr
111 Forced Privilege:solaris:cmd:::/usr/bin/rdist:privs=net_privaddr
112 Forced Privilege:solaris:cmd:::/usr/bin/rlogin:privs=net_privaddr
113 Forced Privilege:solaris:cmd:::/usr/bin/rmformat:\
114 privs=file_dac_read,file_dac_write,proc_fork,proc_exec,sys_mount,sys_devices
115 Forced Privilege:solaris:cmd:::/usr/bin/rsh:privs=net_privaddr
116 Forced Privilege:solaris:cmd:::/usr/bin/w:privs=proc_owner
117 Forced Privilege:solaris:cmd:::/usr/lib/fs/ufs/quota:privs=file_dac_read
118 Forced Privilege:solaris:cmd:::/usr/lib/fs/ufs/ufsdump:privs=net_privaddr
119 Forced Privilege:solaris:cmd:::/usr/lib/fs/ufs/ufsrestore:privs=net_privaddr
120 Forced Privilege:solaris:cmd:::/usr/sbin/ping:\
121 privs=net_icmpaccess,sys_ip_config
122 Forced Privilege:solaris:cmd:::/usr/sbin/traceroute:\
123 privs=net_icmpaccess,net_rawaccess
124 Forced Privilege:solaris:cmd:::/usr/sbin/whodo:privs=proc_owner
125 Forced Privilege:solaris:cmd:::/usr/lib/fs/smbfs/mount:privs=sys_mount
126 Forced Privilege:solaris:cmd:::/usr/lib/fs/smbfs/umount:privs=sys_mount
127 IP Filter Management:solaris:cmd:::/usr/sbin/ipf:privs=sys_ip_config
128 IP Filter Management:solaris:cmd:::/usr/sbin/ipfs:privs=sys_ip_config
129 IP Filter Management:solaris:cmd:::/usr/sbin/ipmon:privs=sys_ip_config
130 IP Filter Management:solaris:cmd:::/usr/sbin/ipfstat:privs=sys_ip_config;gid=sys
131 IP Filter Management:solaris:cmd:::/usr/sbin/ipnat:privs=sys_ip_config;gid=sys
132 IP Filter Management:solaris:cmd:::/usr/sbin/ippool:privs=sys_ip_config;gid=sys
133 Kerberos Server Management:solaris:cmd:::/usr/lib/krb5/krb5kdc:uid=0
134 Kerberos Server Management:solaris:cmd:::/usr/lib/krb5/kadmind:uid=0
135 Kerberos Server Management:solaris:cmd:::/usr/lib/krb5/kprop:euid=0;privs=none
136 Kerberos Server Management:solaris:cmd:::/usr/sbin/kadmin.local:euid=0;privs=none
137 Kerberos Server Management:solaris:cmd:::/usr/sbin/kdb5_util:euid=0;privs=none
138 Kerberos Server Management:solaris:cmd:::/usr/sbin/kdb5_ldap_util:euid=0;privs=none
139 Kerberos Server Management:solaris:cmd:::/usr/sbin/kdcmgr:euid=0;privs=none
140 Kerberos Client Management:solaris:cmd:::/usr/bin/klist:euid=0;privs=file_dac_read
141 Kerberos Client Management:solaris:cmd:::/usr/sbin/kadmin:euid=0;privs=none
142 Kerberos Client Management:solaris:cmd:::/usr/sbin/kclient:euid=0;privs=none
143 Log Management:suser:cmd:::/usr/sbin/logadm:euid=0
144 Mail Management:suser:cmd:::/usr/lib/sendmail:uid=0
145 Mail Management:suser:cmd:::/usr/sbin/editmap:euid=0
146 Mail Management:suser:cmd:::/usr/sbin/makemap:euid=0
147 Mail Management:suser:cmd:::/usr/sbin/newaliases:euid=0
148 Maintenance and Repair:solaris:cmd:::/usr/bin/mdb:privs=all
149 Maintenance and Repair:suser:cmd:::/usr/bin/mdb:euid=0
150 Maintenance and Repair:solaris:cmd:::/usr/bin/coreadm:euid=0;privs=proc_owner
151 Maintenance and Repair:suser:cmd:::/usr/bin/date:euid=0
152 Maintenance and Repair:suser:cmd:::/usr/bin/ldd:euid=0
153 Maintenance and Repair:suser:cmd:::/usr/bin/vmstat:euid=0
154 Maintenance and Repair:suser:cmd:::/usr/sbin/eeprom:euid=0
155 Maintenance and Repair:suser:cmd:::/usr/sbin/halt:euid=0
156 Maintenance and Repair:suser:cmd:::/sbin/init:uid=0
157 Maintenance and Repair:solaris:cmd:::/usr/sbin/pcitool:privs=all
158 Maintenance and Repair:suser:cmd:::/usr/sbin/poweroff:uid=0
159 Maintenance and Repair:suser:cmd:::/usr/sbin/prtconf:euid=0
160 Maintenance and Repair:suser:cmd:::/usr/sbin/reboot:uid=0
161 Maintenance and Repair:suser:cmd:::/usr/sbin/syslogd:euid=0
162 Maintenance and Repair:suser:cmd:::/sbin/bootadm:euid=0
163 Maintenance and Repair:solaris:cmd:::/usr/sbin/ucodeadm:privs=all
164 Maintenance and Repair:solaris:cmd:::/usr/sbin/cpustat:privs=basic,cpc_cpu
165 Maintenance and Repair:solaris:cmd:::/usr/bin/pgstat:privs=basic,cpc_cpu
166 Maintenance and Repair:solaris:cmd:::/usr/bin/kstat:privs=basic,cpc_cpu
167 Media Backup:suser:cmd:::/usr/bin/mt:euid=0
168 Media Backup:suser:cmd:::/usr/lib/fs/ufs/ufsdump:euid=0;gid=sys
169 Media Backup:suser:cmd:::/usr/sbin/tar:euid=0
170 Media Catalog:solaris:cmd:::/usr/bin/bart:\
171 privs=file_dac_read,file_dac_search
172 Media Restore:suser:cmd:::/usr/bin/cpio:euid=0
173 Media Restore:suser:cmd:::/usr/bin/mt:euid=0
174 Media Restore:suser:cmd:::/usr/lib/fs/ufs/ufsrestore:euid=0
175 Media Restore:suser:cmd:::/usr/sbin/tar:euid=0
176 Name Service Management:suser:cmd:::/usr/sbin/nscd:euid=0
177 Name Service Security:suser:cmd:::/usr/bin/chkey:euid=0
178 Name Service Security:suser:cmd:::/usr/sbin/ldapclient:uid=0
179 Name Service Security:suser:cmd:::/usr/sbin/newkey:euid=0
180 Network Management:solaris:cmd:::/sbin/ifconfig:uid=0
181 Network Management:solaris:cmd:::/sbin/route:privs=sys_ip_config
182 Network Management:solaris:cmd:::/sbin/dladm:euid=dladm;egid=netadm;\
183 privs=sys_dl_config,net_rawaccess,proc_audit
184 Network Management:solaris:cmd:::/sbin/dlstat:euid=dladm;egid=sys;
185 Network Management:solaris:cmd:::/sbin/flowadm:euid=dladm;egid=sys;\
186 privs=sys_dl_config,net_rawaccess,proc_audit
187 Network Management:solaris:cmd:::/sbin/flowstat:euid=dladm;egid=sys;
188 Network Management:solaris:cmd:::/sbin/ipadm:euid=netadm;egid=netadm;\
189 privs=sys_ip_config,net_rawaccess
190 Network Management:suser:cmd:::/usr/bin/netstat:uid=0
191 Network Management:suser:cmd:::/usr/bin/rup:euid=0
192 Network Management:suser:cmd:::/usr/bin/ruptime:euid=0
193 Network Management:suser:cmd:::/usr/sbin/asppp2pppd:euid=0
194 Network Management:suser:cmd:::/usr/sbin/ifconfig:uid=0
195 Network Management:suser:cmd:::/usr/sbin/ipaddrsel:euid=0
196 Network Management:suser:cmd:::/usr/sbin/ipqosconf:euid=0
197 Network Management:suser:cmd:::/usr/sbin/rndc:privs=file_dac_read
198 Network Management:suser:cmd:::/usr/sbin/route:uid=0
199 Network Management:suser:cmd:::/usr/sbin/snoop:uid=0
200 Network Management:solaris:cmd:::/usr/sbin/snoop:privs=net_observability
201 Network Management:suser:cmd:::/usr/sbin/spray:euid=0
202 Network Management:suser:cmd:::/usr/sbin/tcpdump:uid=0
203 Network Management:solaris:cmd:::/usr/sbin/tcpdump:privs=net_rawaccess
204 Network Observability:solaris:cmd:::/usr/sbin/snoop:privs=net_observability
205 Network Observability:solaris:cmd:::/usr/sbin/tcpdump:privs=net_rawaccess
206 Network Link Security:solaris:cmd:::/sbin/dladm:euid=dladm;egid=sys;\
207 privs=sys_dl_config,net_rawaccess,proc_audit
208 Network Link Security:solaris:cmd:::/sbin/dlstat:euid=dladm;egid=sys;
209 Network IPsec Management:solaris:cmd:::/usr/sbin/ipsecconf:euid=0;privs=sys_ip_config
210 Network IPsec Management:solaris:cmd:::/usr/sbin/ipseckey:uid=0;privs=sys_ip_config
211 Network IPsec Management:solaris:cmd:::/usr/sbin/ipsecalgs:privs=sys_ip_config
212 Network IPsec Management:suser:cmd:::/usr/sbin/ipsecconf:euid=0
213 Network IPsec Management:suser:cmd:::/usr/sbin/ipseckey:uid=0
214 Network IPsec Management:suser:cmd:::/usr/sbin/ipsecalgs:euid=0
215 Network Security:suser:cmd:::/usr/bin/ssh-keygen:uid=0;gid=sys
216 Object Access Management:solaris:cmd:::/usr/bin/chgrp:privs=file_chown
217 Object Access Management:solaris:cmd:::/usr/bin/chmod:privs=file_owner
218 Object Access Management:solaris:cmd:::/usr/bin/chown:privs=file_chown
219 Object Access Management:solaris:cmd:::/usr/bin/setfacl:privs=file_owner
220 Object Access Management:suser:cmd:::/usr/bin/chgrp:euid=0
221 Object Access Management:suser:cmd:::/usr/bin/chmod:euid=0
222 Object Access Management:suser:cmd:::/usr/bin/chown:euid=0
223 Object Access Management:suser:cmd:::/usr/bin/getfacl:euid=0
224 Object Access Management:suser:cmd:::/usr/bin/setfacl:euid=0
225 Primary Administrator:solaris:cmd:::*:uid=0;gid=0
226 Printer Management:suser:cmd:::/usr/lib/lp/local/lpadmin:uid=lp;gid=lp
227 Printer Management:suser:cmd:::/usr/sbin/lpfilter:euid=lp;uid=lp
228 Printer Management:suser:cmd:::/usr/sbin/lpforms:euid=lp
229 Printer Management:suser:cmd:::/usr/sbin/lpusers:euid=lp
230 Printer Management:suser:cmd:::/usr/sbin/ppdmgr:euid=0
231 Process Management:solaris:cmd:::/usr/bin/kill:privs=proc_owner
232 Process Management:solaris:cmd:::/usr/bin/nice:privs=proc_owner,proc_priocntl
233 Process Management:solaris:cmd:::/usr/bin/pcred:privs=proc_owner
234 Process Management:solaris:cmd:::/usr/bin/pfiles:privs=proc_owner
235 Process Management:solaris:cmd:::/usr/bin/pflags:privs=proc_owner
236 Process Management:solaris:cmd:::/usr/bin/ppriv:privs=proc_owner
237 Process Management:solaris:cmd:::/usr/bin/renice:privs=proc_owner,proc_priocntl
238 Process Management:suser:cmd:::/usr/bin/crontab:euid=0
239 Process Management:suser:cmd:::/usr/bin/kill:euid=0
240 Process Management:suser:cmd:::/usr/bin/nice:euid=0
241 Process Management:suser:cmd:::/usr/bin/pcred:euid=0
242 Process Management:suser:cmd:::/usr/bin/pfiles:euid=0
243 Process Management:suser:cmd:::/usr/bin/pflags:euid=0
244 Process Management:suser:cmd:::/usr/bin/pldd:euid=0
245 Process Management:suser:cmd:::/usr/bin/pmap:euid=0
246 Process Management:suser:cmd:::/usr/bin/prun:euid=0
247 Process Management:suser:cmd:::/usr/bin/ps:euid=0
248 Process Management:suser:cmd:::/usr/bin/psig:euid=0
249 Process Management:suser:cmd:::/usr/bin/pstack:euid=0
250 Process Management:suser:cmd:::/usr/bin/pstop:euid=0
251 Process Management:suser:cmd:::/usr/bin/ptime:euid=0
252 Process Management:suser:cmd:::/usr/bin/ptree:euid=0
253 Process Management:suser:cmd:::/usr/bin/pwait:euid=0
254 Process Management:suser:cmd:::/usr/bin/pwdx:euid=0
255 Process Management:suser:cmd:::/usr/bin/renice:euid=0
256 Process Management:suser:cmd:::/usr/bin/truss:euid=0
257 Process Management:suser:cmd:::/usr/sbin/fuser:euid=0
258 Process Management:solaris:cmd:::/usr/sbin/rcapadm:uid=0
259 Project Management:solaris:cmd:::/usr/sbin/projadd:euid=0
260 Project Management:solaris:cmd:::/usr/sbin/projmod:euid=0
261 Project Management:solaris:cmd:::/usr/sbin/projdel:euid=0
262 Software Installation:suser:cmd:::/sbin/beadm:uid=0;gid=bin
263 Software Installation:suser:cmd:::/usr/bin/ln:euid=0
264 Software Installation:suser:cmd:::/usr/bin/pkginfo:uid=0
265 Software Installation:suser:cmd:::/usr/bin/pkgmk:uid=0
266 Software Installation:suser:cmd:::/usr/bin/pkgparam:uid=0
267 Software Installation:suser:cmd:::/usr/bin/pkgproto:uid=0
268 Software Installation:suser:cmd:::/usr/bin/pkgtrans:uid=0
269 Software Installation:suser:cmd:::/usr/bin/make:euid=0
270 Software Installation:suser:cmd:::/usr/sbin/install:euid=0
271 Software Installation:suser:cmd:::/usr/sbin/pkgadd:uid=0;gid=bin
272 Software Installation:suser:cmd:::/usr/sbin/pkgask:uid=0
273 Software Installation:suser:cmd:::/usr/sbin/pkgchk:uid=0
274 Software Installation:suser:cmd:::/usr/sbin/pkgrm:uid=0;gid=bin
275 System Event Management:suser:cmd:::/usr/sbin/syseventadm:uid=0
276 User Management:suser:cmd:::/usr/sbin/grpck:euid=0
277 User Management:suser:cmd:::/usr/sbin/pwck:euid=0
278 User Management:solaris:cmd:::/usr/sbin/useradd:uid=0
279 User Management:solaris:cmd:::/usr/sbin/userdel:uid=0
280 User Management:solaris:cmd:::/usr/sbin/usermod:uid=0
281 User Management:solaris:cmd:::/usr/sbin/roleadd:uid=0
282 User Management:solaris:cmd:::/usr/sbin/roledel:uid=0
283 User Management:solaris:cmd:::/usr/sbin/rolemod:uid=0
284 User Management:solaris:cmd:::/usr/sbin/groupadd:uid=0
285 User Management:solaris:cmd:::/usr/sbin/groupdel:uid=0
286 User Management:solaris:cmd:::/usr/sbin/groupmod:uid=0
287 User Security:suser:cmd:::/usr/bin/passwd:uid=0
288 User Security:suser:cmd:::/usr/sbin/pwck:euid=0
289 DAT Administration:solaris:cmd:::/usr/sbin/datadm:euid=0
290 ZFS File System Management:solaris:cmd:::/sbin/zfs:euid=0
291 ZFS Storage Management:solaris:cmd:::/sbin/zpool:uid=0
292 Zone Security:solaris:cmd:::/usr/sbin/zonecfg:uid=0
293 Zone Management:solaris:cmd:::/usr/sbin/zoneadm:euid=0
294 Zone Management:solaris:cmd:::/usr/sbin/zlogin:euid=0
295 acctadm:solaris:cmd:::/usr/sbin/acctadm:euid=0;egid=0;privs=sys_acct,file_dac_write