PROFILES(1) | User Commands | PROFILES(1) |
profiles [-l] [ user ]...
Multiple profiles can be combined to construct the appropriate access control. When profiles are assigned, the authorizations are added to the existing set. If the same command appears in multiple profiles, the first occurrence, as determined by the ordering of the profiles, is used for process-attribute settings. For convenience, a wild card can be specified to match all commands.
When profiles are interpreted, the profile list is loaded from user_attr(5). If any default profile is defined in /etc/security/policy.conf (see policy.conf(5)), the list of default profiles are added to the list loaded from user_attr(5). Matching entries in prof_attr(5) provide the authorizations list, and matching entries in exec_attr(5) provide the commands list.
-l
The output of the profiles command has the following form:
example% profiles tester01 tester02 tester01 : Audit Management, All Commands tester02 : Device Management, All Commands example%
Example 2 Using the list Option
example% profiles -l tester01 tester02 tester01 : Audit Management: /usr/sbin/audit euid=root /usr/sbin/auditconfig euid=root egid=sys All Commands: * tester02 : Device Management: /usr/bin/allocate: euid=root /usr/bin/deallocate: euid=root All Commands * example%
0
1
/etc/security/prof_attr
/etc/user_attr
/etc/security/policy.conf
January 7, 2018 | OmniOS |