2 .\" Copyright 2017 Peter Tribble
3 .\" Copyright (c) 2006 by Sun Microsystems, Inc. All rights reserved
4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
5 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
6 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
7 .TH EXEC_ATTR 4 "Aug 3, 2017"
9 exec_attr \- execution profiles database
13 \fB/etc/security/exec_attr\fR
18 \fB/etc/security/exec_attr\fR is a local database that specifies the execution
19 attributes associated with profiles. The \fBexec_attr\fR file can be used with
20 other sources for execution profiles, including the \fBexec_attr\fR \fBNIS\fR
21 map. Programs use the \fBgetexecattr\fR(3SECDB) routines
22 to access this information.
25 The search order for multiple execution profile sources is specified in the
26 \fB/etc/nsswitch.conf\fR file, as described in the \fBnsswitch.conf\fR(4) man
27 page. The search order follows the entry for \fBprof_attr\fR(4).
30 A profile is a logical grouping of authorizations and commands that is
31 interpreted by a profile shell to form a secure execution environment. The
32 shells that interpret profiles are \fBpfcsh\fR, \fBpfksh\fR, and \fBpfsh\fR.
33 See the \fBpfsh\fR(1) man page. Each user's account is assigned zero or more
34 profiles in the \fBuser_attr\fR(4) database file.
37 Each entry in the \fBexec_attr\fR database consists of one line of text
38 containing seven fields separated by colons (\fB:\fR). Line continuations using
39 the backslash (\fB\e\fR) character are permitted. The basic format of each
43 \fIname\fR:\fIpolicy\fR:\fItype\fR:\fIres1\fR:\fIres2\fR:\fIid\fR:\fIattr\fR
50 The name of the profile. Profile names are case-sensitive.
59 The security policy that is associated with the profile entry. The valid
60 policies are \fBsuser\fR (standard Solaris superuser) and \fBsolaris\fR. The
61 \fBsolaris\fR policy recognizes privileges (see \fBprivileges\fR(5)); the
62 \fBsuser\fR policy does not.
64 The \fBsolaris\fR and \fBsuser\fR policies can coexist in the same
65 \fBexec_attr\fR database, so that Solaris releases prior to the current release
66 can use the \fBsuser\fR policy and the current Solaris release can use a
67 \fBsolaris\fR policy. \fBsolaris\fR is a superset of \fBsuser\fR; it allows you
68 to specify privileges in addition to UIDs. Policies that are specific to the
69 current release of Solaris or that contain privileges should use \fBsolaris\fR.
70 Policies that use UIDs only or that are not specific to the current Solaris
71 release should use \fBsuser\fR.
80 The type of object defined in the profile. There is one valid type: \fBcmd\fR.
89 Reserved for future use.
98 Reserved for future use.
107 A string that uniquely identifies the object described by the profile.
108 The id is either the full path to the command or the asterisk (\fB*\fR) symbol,
109 which is used to allow all commands. An asterisk that replaces the filename
110 component in a pathname indicates all files in a particular directory.
112 To specify arguments, the pathname should point to a shell script that is
113 written to execute the command with the desired argument. In a Bourne shell,
114 the effective UID is reset to the real UID of the process when the effective
115 UID is less than 100 and not equal to the real UID. Depending on the \fBeuid\fR
116 and \fBegid\fR values, Bourne shell limitations might make other shells
117 preferable. To prevent the effective UIDs from being reset to real UIDs, you
118 can start the script with the \fB-p\fR option.
134 An optional list of semicolon-separated (\fB;\fR) key-value pairs that describe
135 the security attributes to apply to the object upon execution. Zero or more
136 keys may be specified. The list of valid key words depends on the policy
137 enforced. The following key words are valid: \fBeuid\fR, \fBuid,\fR \fBegid\fR,
138 \fBgid\fR, \fBprivs\fR, and \fBlimitprivs\fR.
140 \fBeuid\fR and \fBuid\fR contain a single user name or a numeric user \fBID\fR.
141 Commands designated with \fBeuid\fR run with the effective \fBUID\fR indicated,
142 which is similar to setting the setuid bit on an executable file. Commands
143 designated with \fBuid\fR run with both the real and effective \fBUID\fRs.
144 Setting \fBuid\fR may be more appropriate than setting the \fBeuid\fR on
145 privileged shell scripts.
147 \fBegid\fR and \fBgid\fR contain a single group name or a numeric group
148 \fBID\fR. Commands designated with \fBegid\fR run with the effective \fBGID\fR
149 indicated, which is similar to setting the setgid bit on a file. Commands
150 designated with \fBgid\fR run with both the real and effective \fBGID\fRs.
151 Setting \fBgid\fR may be more appropriate than setting \fBguid\fR on privileged
154 \fBprivs\fR contains a privilege set which will be added to the inheritable set
155 prior to running the command.
157 \fBlimitprivs\fR contains a privilege set which will be assigned to the limit
158 set prior to running the command.
160 \fBprivs\fR and \fBlimitprivs\fR are only valid for the \fBsolaris\fR policy.
165 \fBExample 1 \fRUsing Effective User ID
168 The following example shows the \fBaudit\fR command specified in the Audit
169 Control profile to execute with an effective user \fBID\fR of root (\fB0\fR):
174 \fBAudit Control:suser:cmd:::/usr/sbin/audit:euid=0\fR
181 \fB/etc/nsswitch.conf\fR
187 \fB/etc/security/exec_attr\fR
190 See \fBattributes\fR(5) for descriptions of the following attributes:
198 ATTRIBUTE TYPE ATTRIBUTE VALUE
202 Interface Stability See below.
207 The command-line syntax is Committed. The output is Uncommitted.
210 Because the list of legal keys is likely to expand, any code that parses this
211 database must be written to ignore unknown key-value pairs without error. When
212 any new keywords are created, the names should be prefixed with a unique
213 string, such as the company's stock symbol, to avoid potential naming
217 The following characters are used in describing the database format and must be
218 escaped with a backslash if used as data: colon (\fB:\fR), semicolon (\fB;\fR),
219 equals (\fB=\fR), and backslash (\fB\e\fR).
222 \fBauths\fR(1), \fBprofiles\fR(1), \fBroles\fR(1),
223 \fBsh\fR(1), \fBmakedbm\fR(8), \fBgetauthattr\fR(3SECDB),
224 \fBgetexecattr\fR(3SECDB), \fBgetprofattr\fR(3SECDB),
225 \fBgetuserattr\fR(3SECDB), \fBkva_match\fR(3SECDB), \fBauth_attr\fR(4),
226 \fBprof_attr\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5),