kill tsol ("Trusted Solaris") aka TX ("Trusted Extensions")

[unleashed.git] / usr / src / man / man4 / user_attr.4

'\" te
.\"  Copyright (C) 2008 Sun Microsystems, Inc. All Rights Reserved
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH USER_ATTR 4 "Dec 12, 2008"
.SH NAME
user_attr \- extended user attributes database
.SH SYNOPSIS
.LP
.nf
\fB/etc/user_attr\fR
.fi

.SH DESCRIPTION
.sp
.LP
\fB/etc/user_attr\fR is a local source of extended attributes associated with
users and roles. \fBuser_attr\fR can be used with other user attribute sources,
including the LDAP people container, the \fBuser_attr\fR \fBNIS\fR map, and the
\fBuser_attr\fR \fBNIS+\fR table. Programs use the \fBgetuserattr\fR(3SECDB)
routines to gain access to this information.
.sp
.LP
The search order for multiple \fBuser_attr\fR sources is specified in the
\fB/etc/nsswitch.conf\fR file, as described in the \fBnsswitch.conf\fR(4) man
page. The search order follows that for \fBpasswd\fR(4).
.sp
.LP
Each entry in the \fBuser_attr\fR databases consists of a single line with five
fields separated by colons (\fB:\fR). Line continuations using the backslash
(\fB\e\fR) character are permitted. Each entry has the form:
.sp
.in +2
.nf
\fIuser\fR:\fIqualifier\fR:\fIres1\fR:\fIres2\fR:\fIattr\fR
.fi
.in -2

.sp
.ne 2
.na
\fB\fIuser\fR\fR
.ad
.sp .6
.RS 4n
The name of the user as specified in the \fBpasswd\fR(4) database.
.RE

.sp
.ne 2
.na
\fB\fIqualifier\fR\fR
.ad
.sp .6
.RS 4n
Reserved for future use.
.RE

.sp
.ne 2
.na
\fB\fIres1\fR\fR
.ad
.sp .6
.RS 4n
Reserved for future use.
.RE

.sp
.ne 2
.na
\fB\fIres2\fR\fR
.ad
.sp .6
.RS 4n
Reserved for future use.
.RE

.sp
.ne 2
.na
\fB\fIattr\fR\fR
.ad
.sp .6
.RS 4n
An optional list of semicolon-separated (\fB;\fR) key-value pairs that describe
the security attributes to apply to the object upon execution. Zero or more
keys may be specified. The following keys are currently interpreted by the
system:
.sp
.ne 2
.na
\fB\fBauths\fR\fR
.ad
.sp .6
.RS 4n
Specifies a comma-separated list of authorization names chosen from those names
defined in the \fBauth_attr\fR(4) database. Authorization names may be
specified using the asterisk (\fB*\fR) character as a wildcard. For example,
\fBsolaris.printer.*\fR means all of Sun's printer authorizations.
.RE

.sp
.ne 2
.na
\fB\fBprofiles\fR\fR
.ad
.sp .6
.RS 4n
Contains an ordered, comma-separated list of profile names chosen from
\fBprof_attr\fR(4). Profiles are enforced by the profile shells, \fBpfcsh\fR,
\fBpfksh\fR, and \fBpfsh\fR. See \fBpfsh\fR(1). A default profile is assigned
in \fB/etc/security/policy.conf\fR (see \fBpolicy.conf\fR(4)). If no profiles
are assigned, the profile shells do not allow the user to execute any commands.
.RE

.sp
.ne 2
.na
\fB\fBroles\fR\fR
.ad
.sp .6
.RS 4n
Can be assigned a comma-separated list of role names from the set of user
accounts in this database whose \fBtype\fR field indicates the account is a
role. If the \fBroles\fR key value is not specified, the user is not permitted
to assume any role.
.RE

.sp
.ne 2
.na
\fB\fBtype\fR\fR
.ad
.sp .6
.RS 4n
Can be assigned one of these strings: \fBnormal\fR, indicating that this
account is for a normal user, one who logs in; or \fBrole\fR, indicating that
this account is for a role. Roles can only be assumed by a normal user after
the user has logged in.
.RE

.sp
.ne 2
.na
\fB\fBproject\fR\fR
.ad
.sp .6
.RS 4n
Can be assigned a name of one project from the \fBproject\fR(4) database to be
used as a default project to place the user in at login time. For more
information, see \fBgetdefaultproj\fR(3PROJECT).
.RE

.sp
.ne 2
.na
\fB\fBdefaultpriv\fR\fR
.ad
.sp .6
.RS 4n
The default set of privileges assigned to a user's inheritable set upon login.
See "Privileges Keywords," below.
.RE

.sp
.ne 2
.na
\fB\fBlimitpriv\fR\fR
.ad
.sp .6
.RS 4n
The maximum set of privileges a user or any process started by the user,
whether through \fBsu\fR(1M) or any other means, can obtain. The system
administrator must take extreme care when removing privileges from the limit
set. Removing any basic privilege has the ability of crippling all
applications; removing any other privilege can cause many or all applications
requiring privileges to malfunction. See "Privileges Keywords," below.
.RE

.sp
.ne 2
.na
\fB\fBlock_after_retries\fR\fR
.ad
.sp .6
.RS 4n
Specifies whether an account is locked after the count of failed logins for a
user equals or exceeds the allowed number of retries as defined by
\fBRETRIES\fR in \fB/etc/default/login\fR. Possible values are \fByes\fR or
\fBno\fR. The default is \fBno\fR. Account locking is applicable only to local
accounts.
.RE

.sp
.LP
Except for the \fBtype\fR key, the \fB\fIkey\fR=\fIvalue\fR\fR fields in
\fB/etc/user_attr\fR can be added using \fBroleadd\fR(1M) and
\fBuseradd\fR(1M). You can use \fBrolemod\fR(1M) and \fBusermod\fR(1M) to
modify \fB\fIkey\fR=\fIvalue\fR\fR fields in \fB/etc/user_attr\fR. Modification
of the \fBtype\fR key is restricted as described in \fBrolemod\fR and
\fBusermod\fR.
.SS "Privileges Keywords"
.sp
.LP
The \fBdefaultpriv\fR and \fBlimitpriv\fR are the privileges-related keywords
and are described above.
.sp
.LP
See \fBprivileges\fR(5) for a description of privileges. The command
\fBppriv\fR \fB-l\fR (see \fBppriv\fR(1)) produces a list of all supported
privileges. Note that you specify privileges as they are displayed by
\fBppriv\fR. In \fBprivileges\fR(5), privileges are listed in the form
\fBPRIV_\fR\fI<privilege_name>\fR\&. For example, the privilege
\fBfile_chown\fR, as you would specify it in \fBuser_attr\fR, is listed in
\fBprivileges\fR(5) as \fBPRIV_FILE_CHOWN\fR.
.sp
.LP
Privileges are specified through the Solaris Management Console
(\fBsmc\fR(1M)), the recommended method, or, on the command line, for users,
through\fBusermod\fR(1M). See \fBusermod\fR(1M) for examples of commands that
modify privileges and their subsequent effect on \fBuser_attr\fR.
.SH EXAMPLES
.LP
\fBExample 1 \fRAssigning a Profile to Root
.sp
.LP
The following example entry assigns to root the \fBAll\fR profile, which allows
root to use all commands in the system, and also assigns two authorizations:

.sp
.in +2
.nf
root::::auths=solaris.*,solaris.grant;profiles=All;type=normal
.fi
.in -2

.sp
.LP
The \fBsolaris.*\fR wildcard authorization shown above gives root all the
\fBsolaris\fR authorizations; and the \fBsolaris.grant\fR authorization gives
root the right to grant to others any \fBsolaris\fR authorizations that root
has. The combination of authorizations enables root to grant to others all the
\fBsolaris\fR authorizations. See \fBauth_attr\fR(4) for more about
authorizations.

.SH FILES
.sp
.ne 2
.na
\fB\fB/etc/nsswitch.conf\fR\fR
.ad
.sp .6
.RS 4n
See \fBnsswitch.conf\fR(4).
.RE

.sp
.ne 2
.na
\fB\fB/etc/user_attr\fR\fR
.ad
.sp .6
.RS 4n
Described here.
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
box;
c | c
l | l .
ATTRIBUTE TYPE  ATTRIBUTE VALUE
_
Availibility    SUNWcsr
_
Interface Stability     See below
.TE

.sp
.LP
The command-line syntax is Committed. The output is Uncommitted.
.SH SEE ALSO
.sp
.LP
\fBauths\fR(1), \fBpfcsh\fR(1), \fBpfksh\fR(1), \fBpfsh\fR(1), \fBppriv\fR(1),
\fBprofiles\fR(1), \fBroles\fR(1), \fBroleadd\fR(1M), \fBrolemod\fR(1M),
\fBuseradd\fR(1M), \fBusermod\fR(1M), \fBgetdefaultproj\fR(3PROJECT),
\fBgetuserattr\fR(3SECDB), \fBauth_attr\fR(4), \fBexec_attr\fR(4),
\fBnsswitch.conf\fR(4), \fBpasswd\fR(4), \fBpolicy.conf\fR(4),
\fBprof_attr\fR(4), \fBproject\fR(4), \fBattributes\fR(5), \fBprivileges\fR(5)
.sp
.LP
\fISystem Administration Guide: Security Services\fR
.SH NOTES
.sp
.LP
When deciding which authorization source to use, if you are not using LDAP,
keep in mind that \fBNIS+\fR provides stronger authentication than \fBNIS\fR.
.sp
.LP
The root user is usually defined in local databases for a number of reasons,
including the fact that root needs to be able to log in and do system
maintenance in single-user mode, before the network name service databases are
available. For this reason, an entry should exist for root in the local
\fBuser_attr\fR file, and the precedence shown in the example
\fBnsswitch.conf\fR(4) file entry under EXAMPLES is highly recommended.
.sp
.LP
Because the list of legal keys is likely to expand, any code that parses this
database must be written to ignore unknown key-value pairs without error. When
any new keywords are created, the names should be prefixed with a unique
string, such as the company's stock symbol, to avoid potential naming
conflicts.
.sp
.LP
In the \fBattr\fR field, escape the following symbols with a backslash
(\fB\e\fR) if you use them in any value: colon (\fB:\fR), semicolon (\fB;\fR),
carriage return (\fB\en\fR), equals (\fB=\fR), or backslash (\fB\e\fR).