Once the SMC is initialized, users or roles can view one rights profile at a time in the Rights tool under Users in the SMC, or use the smprofile(1M) command described below to see a list of all profiles.
Assume the Security or System Administrator role.
To list the rights profiles in a name service domain, use the smprofile list command with the -D option to specify the name_service_type:/server_name/domain_name. Provide a password when prompted.
The following example lists the profiles that are defined in the NIS+ domain tropics.example.com whose NIS+ master server is toucan. The command is being executed on the tern system:
$ /usr/sadm/bin/smprofile list -D nisplus:/toucan/tropics.example.com -- Authenticating as user: janez Type /? for help, pressing <enter> accepts the default denoted by [ ] Please enter a string value for: password :: rolePassword Loading Tool: usermgr.cli.profile.UserMgrProfCli from tern Login to tern as user janez, role admin was successful. Download of usermgr.cli.profile.UserMgrProfCli from tern was successful. Profile name: All Actions Description: A complete set of actions (no commands) without any privilege. Profile name: All Authorizations Description: Grant all authorizations. Profile name: All Commands Description: A complete set of commands (but no actions) without any privilege. Profile name: All Description: Execute all commands and actions. ... Profile name: User Security Description: Manage passwords, clearances. Profile name: Trusted Edit Description: Use the trusted_edit script when editing. |
The following example lists the security attributes of the All profile.
$ /usr/sadm/bin/smprofile list \ -D nisplus:/toucan/tropics.example.com -- -l -n All ... Profile name: All Description: Execute all commands and actions help: RtAll.html Command: *;*;*;*;* policy: tsol type: act Command: * policy: tsol type: cmd |