System Administration Guide: Security Services

ProcedureHow to Add Privileges to a Command

You add privileges to a command when you are adding the command to a rights profile. The privileges enable the role that includes the rights profile to run the administrative command, while not gaining any other superuser capabilities.

Before You Begin

The command or program must be privilege-aware. For a fuller discussion, see How Processes Get Privileges.

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map).

  2. Open the Solaris Management Console GUI.

    For instructions, see How to Assume a Role in the Solaris Management Console.

  3. Use the Rights tool to update an appropriate profile.

    Select the command to include. For each included command, add the privileges that the command requires.

    Caution – Caution –

    When you include commands in a rights profile and add privileges to the commands, the commands execute with those privileges when the commands are run in a profile shell.

    The order of profiles is important. The profile shell executes a command or action with the security attributes that are specified in the earliest profile in the account's list of profiles. For example, if the chgrp command is in the Object Access Management rights profile with privileges, and Object Access Management is the first profile in which the chgrp command is found, then the chgrp command executes with the privileges specified in the Object Access Management profile.