oracle home
Securing Users and Processes in Oracle
®
Solaris 11.2
Exit Print View
Search Term
Search Scope:
This Document
Entire Library
» ...
Documentation Home
»
Oracle Solaris 11.2 Information Library
»
Securing Users and Processes in ...
»
Index P
Updated: July 2014
Securing Users and Processes in Oracle
®
Solaris 11.2
Document Information
Using This Documentation
Product Documentation Library
Access to Oracle Support
Feedback
Chapter 1 About Using Rights to Control Users and Processes
What's New in Rights in Oracle Solaris 11.2
User Rights Management
User and Process Rights Provide an Alternative to the Superuser Model
Basics of User and Process Rights
More About User Rights
More About User Authorizations
More About Rights Profiles
More About Roles
Process Rights Management
Privileges Protecting Kernel Processes
Privilege Descriptions
Administrative Differences on a System With Privileges
More About Privileges
How Privileges Are Implemented
How Privileges Are Used
How Processes Get Privileges
Privileges and Devices
Privileges and Resource Management
Legacy Applications and the Use of Privileges
Debugging Use of Privilege
Privilege Assignment
Assigning Privileges to Users and Processes
Expanding a User or Role's Privileges
Restricting Privileges for a User or Role
Assigning Privileges to a Script
Using Extended Privilege Policy to Restrict Privilege Use
Privilege Escalation and User Rights
Privilege Escalation and Kernel Privileges
Rights Verification
Profile Shells and Rights Verification
Name Service Scope and Rights Verification
Order of Search for Assigned Rights
Applications That Check for Rights
Applications That Check UIDs and GIDs
Applications That Check for Privileges
Applications That Check Authorizations
Considerations When Assigning Rights
Security Considerations When Assigning Rights
Usability Considerations When Assigning Rights
Chapter 2 Planning Your Administrative Rights Configuration
Deciding Which Rights Model to Use for Administration
Following Your Chosen Rights Model
Chapter 3 Assigning Rights in Oracle Solaris
Assigning Rights to Users
Who Can Assign Rights
Assigning Rights to Users and Roles
Creating a Role
Creating a Login for a Trusted User
Modifying a User's Rights
Modifying a Role's Rights
Enabling Users to Use Own Password for Role Password
Changing a Role Password
Deleting a Role
Expanding Users' Rights
Restricting Users' Rights
Chapter 4 Assigning Rights to Applications, Scripts, and Resources
Limiting Applications, Scripts, and Resources to Specific Rights
Assigning Rights to Applications and Scripts
How to Run a Shell Script With Privileged Commands
Locking Down Resources by Using Extended Privileges
How to Apply Extended Privilege Policy to a Port
How to Lock Down the MySQL Service
How to Assign Specific Privileges to the Apache Web Server
How to Determine Which Privileges the Apache Web Server Is Using
Users Locking Down the Applications That They Run
Chapter 5 Managing the Use of Rights
Managing the Use of Rights
Using Your Assigned Administrative Rights
Auditing Administrative Actions
Creating Rights Profiles and Authorizations
How to Create a Rights Profile
How to Clone and Modify a System Rights Profile
How to Create an Authorization
Changing Whether root Is a User or a Role
How to Change the root Role Into a User
Chapter 6 Listing Rights in Oracle Solaris
Listing Rights and Their Definitions
Listing Authorizations
Listing Rights Profiles
Listing Roles
Listing Privileges
Listing Qualified Attributes
Chapter 7 Troubleshooting Rights in Oracle Solaris
Troubleshooting Rights
How to Troubleshoot Rights Assignments
How to Reorder Assigned Rights
How to Determine Which Privileges a Program Requires
Chapter 8 Reference for Oracle Solaris Rights
Rights Profiles Reference
Viewing the Contents of Rights Profiles
Authorizations Reference
Authorization Naming Conventions
Delegation Authority in Authorizations
Rights Databases
Rights Databases and the Naming Services
user_attr Database
auth_attr Database
prof_attr Database
exec_attr Database
policy.conf File
Commands for Administering Rights
Commands That Manage Authorizations, Rights Profiles, and Roles
Selected Commands That Require Authorizations
Privileges Reference
Commands for Handling Privileges
Files That Contain Privilege Information
Privileged Actions in the Audit Record
Security Glossary
Index
Index Numbers and Symbols
Index A
Index B
Index C
Index D
Index E
Index F
Index G
Index H
Index I
Index K
Index L
Index M
Index N
Index O
Index P
Index Q
Index R
Index S
Index T
Index U
Index V
Index W
Index X
Index Z
Language:
English
P
–P
option
rolemod
command
Restricting an Administrator to Explicitly Assigned Rights
Replacing a Local Role's Assigned Profiles
useradd
command
Creating a User Who Can Administer DHCP
–p
option
add_drv
command
Commands for Handling Privileges
ipadm set-prop
command
How to Lock Down the MySQL Service
profiles
command
Viewing the Contents of Rights Profiles
Listing Rights Profiles
Cloning and Removing Selected Rights From a Rights Profile
How to Create a Rights Profile
How to Assign Specific Privileges to the Apache Web Server
How to Lock Down the MySQL Service
Preventing Guests From Spawning Editor Subprocesses
Enabling a Non-root Account to Read a root-Owned File
Modifying a Rights Profile to Enable a User to Use Own Password for Role Password
–P
option
roleadd
command
Caching Authentication for Ease of Role Use
rolemod
command
Assigning Rights Profiles in a Specific Order
–p
option
update_drv
command
Commands for Handling Privileges
packages
ARMOR
Using ARMOR Roles
MySQL
How to Lock Down the MySQL Service
PAM
adding
su
stack to configuration file
Caching Authentication for Ease of Role Use
modules
Caching Authentication for Ease of Role Use
stack to cache authentication
Caching Authentication for Ease of Role Use
time-sensitive user access
user_attr Database
Basics of User and Process Rights
pam_roles
module
Rights Administration Commands
pam_tty_tickets
module
Caching Authentication for Ease of Role Use
pam_unix_account
module
Rights Administration Commands
passwd
command
changing password of role
Changing a Role Password
Creating a Role
passwords
changing role password
Changing a Role Password
Creating a Role
using user's to assume role
How to Reorder Assigned Rights
Enabling a User to Use Own Password for Role Password
Perl scripts
for extended accounting
Enabling a Trusted User to Read Extended Accounting Files
permissive security policy
components of
Basics of User and Process Rights
creating
Expanding Users' Rights
permitted privilege set
How Privileges Are Implemented
pfbash
command
Rights Administration Commands
pfedit
command
Rights Administration Commands
Editing a System File
pfexec
command
Rights Administration Commands
Using Your Assigned Administrative Rights
planning
ARMOR role use
Following Your Chosen Rights Model
rights model use
Following Your Chosen Rights Model
use of rights
Following Your Chosen Rights Model
plus sign (
–
)
keyword modifier
Modifying a Role's Rights
policy.conf
file
description
policy.conf File
keywords
for authenticated rights profiles
policy.conf File
for authorizations
policy.conf File
for privileges
Files That Contain Privilege Information
policy.conf File
for rights profiles
policy.conf File
for workstation owner
policy.conf File
ports
protecting with extended privileges
How to Apply Extended Privilege Policy to a Port
powers
See
rights
ppriv
command
Commands for Handling Privileges
Listing the Privileges in Your Current Shell
Listing Privileges
predefined roles
ARMOR standard
Using ARMOR Roles
User and Process Rights Provide an Alternative to the Superuser Model
planning use of
Following Your Chosen Rights Model
principle of least privilege
Privileges Protecting Kernel Processes
Printer Management rights profile
Rights Profiles Reference
priv.debug
entry
syslog.conf
file
Files That Contain Privilege Information
PRIV_DEFAULT
keyword
policy.conf
file
policy.conf File
PRIV_LIMIT
keyword
policy.conf
file
Files That Contain Privilege Information
policy.conf File
PRIV_PFEXEC flag
Determining Whether You Are Using a Profile Shell
PRIV_PROC_LOCK_MEMORY privilege
Privileges and Resource Management
PRIV_XPOLICY flag
How to Lock Down the MySQL Service
privilege checking
Applications That Check for Privileges
privilege sets
adding privileges to
Assigning Privileges Directly to a User
Assigning Privileges Directly to a Role
Expanding a User or Role's Privileges
basic
How to Troubleshoot Rights Assignments
Listing the Basic Privileges and Their Definitions
How Privileges Are Implemented
effective
How Privileges Are Implemented
inheritable
How Privileges Are Implemented
limit
How to Troubleshoot Rights Assignments
How Privileges Are Implemented
listing
Listing Privileges That Are Used in Privilege Assignment
How Privileges Are Implemented
permitted
How Privileges Are Implemented
removing privileges from
Creating a Sun Ray Users Rights Profile
Removing a Basic Privilege From Yourself
Removing a Basic Privilege From a Rights Profile
Using Extended Privilege Policy to Restrict Privilege Use
Restricting Privileges for a User or Role
privileged application
authorization checking
Applications That Check Authorizations
checking for security attributes
Applications That Check for Rights
description
Basics of User and Process Rights
ID checking
Applications That Check UIDs and GIDs
privilege checking
Applications That Check for Privileges
privileged users
See
trusted users
privileges
adding to command in rights profile
Creating a Rights Profile That Includes Privileged Commands
assigning
to a command
Assigning Privileges to Users and Processes
to a script
Assigning Privileges to a Script
to a user
Assigning Privileges to Users and Processes
to Apache Web Server
How to Assign Specific Privileges to the Apache Web Server
to MySQL database
How to Lock Down the MySQL Service
to role
Assigning Privileges Directly to a Role
to user
Assigning Privileges Directly to a User
auditing and
Privileged Actions in the Audit Record
categories
Privilege Descriptions
checking in applications
Applications That Check for Privileges
commands
Commands for Handling Privileges
compared to authorizations
More About User Authorizations
Basics of User and Process Rights
compared to superuser model
Process Rights Management
debugging
Files That Contain Privilege Information
Debugging Use of Privilege
description
Privilege Descriptions
Privilege Descriptions
Basics of User and Process Rights
devices and
Privileges and Devices
differences from superuser model
Administrative Differences on a System With Privileges
escalation prevention at user level
Privilege Escalation and User Rights
escalation prevention in kernel
Privilege Escalation and Kernel Privileges
expanding user or role's
Expanding a User or Role's Privileges
extended privilege policy
Using Extended Privilege Policy to Restrict Privilege Use
Expanding a User or Role's Privileges
files
Files That Contain Privilege Information
finding missing
Using the ppriv Command to Examine Privilege Use in a Profile Shell
implemented in sets
How Privileges Are Implemented
inherited by processes
How Processes Get Privileges
legacy applications and
Assigning Security Attributes to a Legacy Application
Legacy Applications and the Use of Privileges
listing on a process
Listing the Privileges in Your Current Shell
PRIV_PROC_LOCK_MEMORY
Privileges and Resource Management
processes with assigned privileges
How Processes Get Privileges
programs aware of privileges
How Processes Get Privileges
protecting kernel processes
Privileges Protecting Kernel Processes
removing
basic privilege
Removing a Basic Privilege From a Rights Profile
basic privilege from your process
Removing a Basic Privilege From Yourself
from a rights profile
Removing a Basic Privilege From a Rights Profile
from a user
Restricting Privileges for a User or Role
from a user's limit set
Removing Privileges From a User's Limit Set
from yourself
Removing a Basic Privilege From Yourself
troubleshooting
lack of
How to Determine Which Privileges a Program Requires
user assignment
How to Troubleshoot Rights Assignments
using in shell script
How to Run a Shell Script With Privileged Commands
privileges
keyword
listing
Listing Privileges
PROC privileges
description
Privilege Descriptions
proc_owner
Privileges and Devices
process privileges
Privilege Descriptions
process rights management
See
privileges, rights
prof_attr
database
prof_attr Database
summary
Rights Databases
profile shells
description
Profile Shells and Rights Verification
determining if PRIV_PFEXEC flag is set
Determining Whether You Are Using a Profile Shell
opening
Using Your Assigned Administrative Rights
reading
exacct
network files
Enabling a Trusted User to Read Extended Accounting Files
restricting rights
Restricting an Administrator to Explicitly Assigned Rights
profiles
See
rights profiles
profiles
command
creating rights profiles
How to Create a Rights Profile
description
Rights Administration Commands
listing user's authenticated rights profiles
Listing Rights Profiles
listing user's rights profiles
Listing Rights and Their Definitions
use
Listing Rights Profiles
profiles
keyword
description
user_attr Database
listing
Listing Rights Profiles
PROFS_GRANTED
keyword
policy.conf
file
policy.conf File
programs
See
applications
project.max-locked-memory resource control
Privileges and Resource Management
Previous
Next