2 .\" Copyright (c) 2000, Sun Microsystems, Inc. All Rights Reserved
3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
4 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
5 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
6 .TH PROFILES 1 "Jan 7, 2018"
8 profiles \- print execution profiles for a user
12 \fBprofiles\fR [\fB-l\fR] [ \fIuser\fR ]...
17 The \fBprofiles\fR command prints on standard output the names of the execution
18 profiles that have been assigned to you or to the optionally-specified user or
19 role name. Profiles are a bundling mechanism used to enumerate the commands and
20 authorizations needed to perform a specific function. Along with each listed
21 executable are the process attributes, such as the effective user and group
22 \fBID\fRs, with which the process runs when started by a privileged command
23 interpreter. The profile shells are \fBpfksh\fR and \fBpfexec\fR.
24 See the \fBpfexec\fR(1) man page. Profiles can contain other profiles defined
25 in \fBprof_attr\fR(4).
28 Multiple profiles can be combined to construct the appropriate access control.
29 When profiles are assigned, the authorizations are added to the existing set.
30 If the same command appears in multiple profiles, the first occurrence, as
31 determined by the ordering of the profiles, is used for process-attribute
32 settings. For convenience, a wild card can be specified to match all commands.
35 When profiles are interpreted, the profile list is loaded from
36 \fBuser_attr\fR(4). If any default profile is defined in
37 \fB/etc/security/policy.conf\fR (see \fBpolicy.conf\fR(4)), the list of default
38 profiles are added to the list loaded from \fBuser_attr\fR(4). Matching entries
39 in \fBprof_attr\fR(4) provide the authorizations list, and matching entries in
40 \fBexec_attr\fR(4) provide the commands list.
43 The following options are supported:
50 Lists the commands in each profile followed by the special process attributes
51 such as user and group \fBID\fRs.
56 \fBExample 1\fR Sample Output
59 The output of the \fBprofiles\fR command has the following form:
64 example% \fBprofiles tester01 tester02\fR
65 tester01 : Audit Management, All Commands
66 tester02 : Device Management, All Commands
73 \fBExample 2\fR Using the \fBlist\fR Option
77 example% \fBprofiles -l tester01 tester02\fR
80 /usr/sbin/audit euid=root
81 /usr/sbin/auditconfig euid=root egid=sys
86 /usr/bin/allocate: euid=root
87 /usr/bin/deallocate: euid=root
97 The following exit values are returned:
104 Successful completion.
118 \fB/etc/security/exec_attr\fR
121 \fB/etc/security/prof_attr\fR
127 \fB/etc/security/policy.conf\fR
130 \fBauths\fR(1), \fBpfexec\fR(1), \fBroles\fR(1), \fBgetprofattr\fR(3SECDB),
131 \fBexec_attr\fR(4), \fBpolicy.conf\fR(4), \fBprof_attr\fR(4),
132 \fBuser_attr\fR(4), \fBattributes\fR(5)