File Formats                                         prof_attr(4)



NAME
     prof_attr - profile description database

SYNOPSIS
     /etc/security/prof_attr


DESCRIPTION
     /etc/security/prof_attr is a local source for execution
     profile names, descriptions, and other attributes of execution
     profiles. The prof_attr file can be used with other profile
     sources, including the prof_attr NIS map and NIS+ table.
     Programs use the getprofattr(3SECDB) routines to gain access
     to this information.


     The search order for multiple prof_attr sources is specified
     in the /etc/nsswitch.conf file, as described in the
     nsswitch.conf(4) man page.


     An execution profile is a mechanism used to bundle together
     the commands and authorizations needed to perform a specific
     function. An execution profile can also contain other
     execution profiles. Each entry in the prof_attr database consists
     of one line of text containing five fields separated by
     colons (:). Line continuations using the backslash (\)
     character are permitted. The format of each entry is:


     profname:res1:res2:desc:attr

     profname    The name  of  the  profile.  Profile  names  are
                 case-sensitive.


     res1        Reserved for future use.


     res2        Reserved for future use.


     desc        A long description. This  field  should  explain
                 the  purpose of the profile, including what type
                 of user would be interested  in  using  it.  The
                 long description should be suitable for display-
                 ing in the help text of an application.


     attr        An  optional  list  of  semicolon-separated  (;)
                 key-value   pairs  that  describe  the  security
                 attributes  to  apply   to   the   object   upon
                 execution.  Zero  or more keys can be specified.
                 There  are  four  valid  keys:  help,  profiles,
                 auths, and privs.

                 help is assigned the name of a  file  ending  in
                 .htm or .html.

                 auths specifies a comma-separated list of
                 authorization names chosen from those names
                 defined in the auth_attr(4) database.
                 Authorization names can be specified using the asterisk
                 (*) character as a wildcard. For example,
                 solaris.printer.* would mean all of Sun's
                 authorizations for printing.

                 profiles specifies a comma-separated list of
                 profile names chosen from those names defined in
                 the prof_attr database.

                 privs specifies a comma-separated list of
                 privilege names chosen from those names defined
                 in the priv_names(4) database. These privileges
                 can then be used for executing commands with
                 pfexec(1).


EXAMPLES
     Example 1 Allowing Execution of All Commands


     The following entry allows the user to execute all commands:


       All:::Use this profile to give a :help=All.html



     Example 2 Consulting the Local prof_attr File First


     With the following nsswitch.conf entry, the local prof_attr
     file is consulted before the NIS+ table:


       prof_attr: files nisplus



FILES
     /etc/nsswitch.conf
     /etc/security/prof_attr

NOTES
     When deciding which authorization source to use (see
     DESCRIPTION), keep in mind that NIS+ provides stronger
     authentication than NIS.


     The root user is usually defined in local databases  because
     root needs to be able to log in and do system maintenance in
     single-user mode and at other times when  the  network  name
     service  databases  are  not  available. So that the profile
     definitions for root can be located at  such  times,  root's
     profiles  should be defined in the local prof_attr file, and
     the order shown in the example nsswitch.conf(4)  file  entry
     under EXAMPLES is highly recommended.


     Because the list of legal keys is likely to expand, any code
     that  parses this database must be written to ignore unknown
     key-value pairs without error. When  any  new  keywords  are
     created,  the names should be prefixed with a unique string,
     such as the company's stock symbol, to avoid potential  nam-
     ing conflicts.


     Each application has its own requirements  for  whether  the
     help  value  must  be  a  relative  pathname  ending  with a
     filename or the name of a file. The only  known  requirement
     is for the name of a file.


     The following characters are used in describing the database
     format and must be escaped with a backslash if used as data:
     colon (:), semicolon (;), equals (=), and backslash (\).
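
     The entry format from DESCRIPTION and the parsing rules from NOTES
     (backslash escapes, line continuation, unknown keys ignored), as an
     added Python example that is not part of the original man page or of
     Solaris. The sample entries, the ACME_tier key and the skipping of
     '#' comment lines are assumptions; wildcard_grants lists profiles
     whose auths use the asterisk wildcard so broad grants can be reviewed.

```python
import re

KNOWN_KEYS = {"help", "profiles", "auths", "privs"}

# Constructed sample (not a shipped file); ACME_tier is a hypothetical vendor key.
SAMPLE = r"""# comment line
Printer Admin:::Manage printers\: queues and classes:auths=solaris.printer.*;\
    help=Printer.html;ACME_tier=gold
Log Reader:::Read system logs:privs=file_dac_read;profiles=Basic Solaris User
"""

def split_unescaped(text, sep):
    """Split on sep; a backslash plus the next character is one escaped unit."""
    parts = [""]
    for tok in re.findall(r"\\.|.", text, re.S):
        if tok == sep:
            parts.append("")
        else:
            parts[-1] += tok
    return parts

def unescape(text):
    return re.sub(r"\\(.)", r"\1", text, flags=re.S)

def logical_lines(text):
    """Join lines ending in an unescaped backslash; skip blanks and '#' comments."""
    joined = re.sub(r"(?<!\\)((?:\\\\)*)\\\n", r"\1", text)
    return [l for l in joined.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

def parse_entry(line):
    fields = split_unescaped(line, ":")
    if len(fields) != 5:
        raise ValueError("expected 5 colon-separated fields: %r" % line)
    attrs = {}
    for pair in split_unescaped(fields[4], ";"):
        kv = split_unescaped(pair, "=")
        key = kv[0].strip()
        if len(kv) < 2 or key not in KNOWN_KEYS:
            continue                  # unknown or malformed pair: ignore, no error
        value = unescape("=".join(kv[1:])).strip()
        items = [v.strip() for v in value.split(",") if v.strip()]
        attrs[key] = value if key == "help" else items
    return {"name": unescape(fields[0]), "desc": unescape(fields[3]), "attrs": attrs}

def wildcard_grants(text):
    """Map profile name -> auths containing '*', for review of broad grants."""
    entries = (parse_entry(l) for l in logical_lines(text))
    return {e["name"]: w for e in entries
            if (w := [a for a in e["attrs"].get("auths", []) if "*" in a])}
```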

SEE ALSO
     auths(1), pfexec(1), profiles(1), getauthattr(3SECDB),
     getprofattr(3SECDB), getuserattr(3SECDB), auth_attr(4),
     exec_attr(4), priv_names(4), user_attr(4)
SunOS 5.11           Last change: 3 Apr 2008                    3