Assigning Inheritable Privileges to a Command or Action

After a site is configured, a privilege should be granted by a site's Security Administrator role only if the security administrator is convinced that the command or action will use the privilege in a trustworthy manner.

Privileges are available by inheritance when they are in a command or action's allowed privilege set. The Security Administrator role uses the Rights tool in the Solaris Management Console to specify inheritable privileges for a command or an action. The role then assigns the rights profile to a user or role, unless the profile is consulted by the system shell during boot. See "System Shell" for the profiles that are not assigned to users or roles.

Previous: Giving Forced Privileges to an Executable File
Next: Passing Privileges to Child Processes