System Administration Guide: Security Services

Commands That Require Authorizations

The following table provides examples of how authorizations are used to limit command options on a Solaris system. For more discussion of authorizations, see Authorization Naming and Delegation.

Table 10–8 Commands and Associated Authorizations


Man Page for Command	Authorization Requirements
at(1)	`solaris.jobs.user` required for all options (when neither `at.allow` nor `at.deny` files exist)
atq(1)	`solaris.jobs.admin` required for all options
cdrw(1)	`solaris.device.cdrw` required for all options, and is granted by default in the `policy.conf` file
crontab(1)	`solaris.jobs.user` required for the option to submit a job (when neither `crontab.allow` nor `crontab.deny` files exist) `solaris.jobs.admin` required for the options to list or modify other users' `crontab` files
allocate(1)	`solaris.device.allocate` (or other authorization as specified in `device_allocate` file) required to allocate a device `solaris.device.revoke` (or other authorization as specified in `device_allocate` file) required to allocate a device to another user (`-F` option)
deallocate(1)	`solaris.device.allocate` (or other authorization as specified in `device_allocate` file) required to deallocate another user's device `solaris.device.revoke` (or other authorization as specified in `device_allocate`) required to force deallocation of the specified device (`-F` option) or all devices (`-I` option)
list_devices(1)	`solaris.device.revoke` required to list another user's devices (`-U` option)
sendmail(1M)	`solaris.mail` required to access mail subsystem functions; `solaris.mail.mailq` required to view mail queue