Trusted Solaris Administrator's Procedures

To Write a Profile Shell Script


Note -

When adding a profile shell script that runs commands with inherited privilege, the Security Administrator role must update an appropriate rights profile to list each of the commands that run within the shell script and must assign those commands any privileges they need. If a new shell script needs to be used by a role, all the commands that need security attributes must be added to the Custom role_name Profile or other profile that applies to the role, along with the name of the script itself.


Anyone with a text editor can write the shell script.

  1. Start the script with /bin/pfsh (or any other profile shell) on the first line.

    #!/bin/pfsh

  2. Determine which commands need privileges and which privileges are needed.

    In the example, /usr/lib/fs/nfs/nfsfind is a cron job owned by root that needs privileges in order to run successfully at ADMIN_HIGH. The tfind command needs the file_dac_search and file_dac_read privileges and the rm command needs the file_dac_search, file_dac_write, file_dac_read, and file_mac_write privileges. See "To Find Out Which Privileges a Program Needs", if needed.


    #!/bin/pfsh
    # Copyright (c) 1993, 1997, 1998, 1999 by Sun Microsystems, Inc.
    #ident  "@(#)nfsfind.sh 1.5     97/05/21 SMI; TSOL 2.x"
    #
    # Check shared NFS filesystems for .nfs* files that
    # are more than a week old.
    # 
    # These files are created by NFS clients when an open file
    # is removed. To preserve some semblance of UNIX semantics
    # the client renames the file to a unique name so that the
    # file appears to have been removed from the directory, but
    # is still usable by the process that has the file open.
    if [ ! -s /etc/dfs/sharetab ]; then exit ; fi
    for dir in `awk '$3 == "nfs" {print $1}' /etc/dfs/sharetab`
    do
        tfind $dir -M -name .nfs\* -mtime +7 -mount -exec rm -f {} \;
    done

  3. Assume the Security Administrator role and go to an ADMIN_LOW workspace.

  4. Use the Rights tool to update an appropriate profile so that it lists the script and each of the commands that need to run within the shell script, and assign the commands the privileges they need.

    See "To Launch the Solaris Management Console", if needed.

    Continuing the example: to enable the System Administrator role to run the example cron script with the needed privileges, the Security Administrator uses the Rights tool to update the Custom Admin Role and makes sure it is assigned to the System Administrator role. The rights profile is modified to include the /usr/lib/fs/nfs/nfsfind script, the tfind command with the file_dac_search and file_dac_read privileges, and the rm command with the file_dac_search, file_dac_write, file_dac_read, and file_mac_write privileges.


    Caution -

    When you add commands to a profile and give them privileges or other security attributes, the commands execute with those attributes, not only in the profile shell script but whenever they are invoked in any profile shell, as long as the profile is in effect for the invoking account. The order of profiles is also important: the profile shell executes a command or action with whatever security attributes are specified in the first profile in the account's list of profiles. For example, if tfind is in the Custom Root Profile with privileges, and the Custom Root Profile is the first profile in which tfind is found, then tfind will inherit the privileges specified in the Custom Root Profile when the root role executes tfind on the command line in a profile shell.
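
The first-match rule in the caution above can be checked before a profile change goes live. The following is an added example, not part of the original procedure or of Trusted Solaris: it models the ordered profile lookup over a constructed table and reports when a profile earlier in the account's list supplies different privileges than the script's commands need. The table layout, the function names resolve_cmd and check_privs, and "Example Operator Profile" are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed sample data, one entry per line: profile|command|privileges.
# This is a simplified stand-in, NOT the system's rights-profile database format.
# "Example Operator Profile" is hypothetical; the other entries mirror the page.
PROFILE_TABLE='Custom Admin Role|/usr/lib/fs/nfs/nfsfind|none
Custom Admin Role|tfind|file_dac_search,file_dac_read
Custom Admin Role|rm|file_dac_search,file_dac_write,file_dac_read,file_mac_write
Example Operator Profile|rm|none'

# resolve_cmd "Profile A,Profile B" command
# Prints "<profile>|<privileges>" for the first profile in the account's
# ordered list that contains the command; returns 1 if no profile lists it.
resolve_cmd() {
    printf '%s\n' "$PROFILE_TABLE" | awk -F'|' -v order="$1" -v cmd="$2" '
        BEGIN { n = split(order, want, ",") }
        $2 == cmd && !($1 in privs) { privs[$1] = $3 }
        END {
            for (i = 1; i <= n; i++)
                if (want[i] in privs) { print want[i] "|" privs[want[i]]; exit 0 }
            exit 1
        }'
}

# check_privs "profile list" command "privileges the script needs"
# Succeeds only when the first-match privileges equal the expected set.
check_privs() {
    got=$(resolve_cmd "$1" "$2") || { echo "  $2: in no listed profile"; return 1; }
    [ "${got#*|}" = "$3" ] && { echo "  $2: ok via '${got%%|*}'"; return 0; }
    echo "  $2: '${got%%|*}' wins with '${got#*|}', script needs '$3'"
    return 1
}

# Audit the commands used by nfsfind under two orderings of the same profiles.
for order in "Custom Admin Role,Example Operator Profile" \
             "Example Operator Profile,Custom Admin Role"; do
    echo "profile order: $order"
    check_privs "$order" tfind "file_dac_search,file_dac_read" || true
    check_privs "$order" rm \
        "file_dac_search,file_dac_write,file_dac_read,file_mac_write" || true
done
```

With the second ordering, rm resolves through the earlier profile and the mismatch is reported, while tfind still resolves through the Custom Admin Role because no earlier profile lists it.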