oracle home
Securing Users and Processes in Oracle
®
Solaris 11.2
Exit Print View
Search Term
Search Scope:
This Document
Entire Library
» ...
Documentation Home
»
Oracle Solaris 11.2 Information Library
»
Securing Users and Processes in ...
»
Index A
Updated: July 2014
Securing Users and Processes in Oracle
®
Solaris 11.2
Document Information
Using This Documentation
Product Documentation Library
Access to Oracle Support
Feedback
Chapter 1 About Using Rights to Control Users and Processes
What's New in Rights in Oracle Solaris 11.2
User Rights Management
User and Process Rights Provide an Alternative to the Superuser Model
Basics of User and Process Rights
More About User Rights
More About User Authorizations
More About Rights Profiles
More About Roles
Process Rights Management
Privileges Protecting Kernel Processes
Privilege Descriptions
Administrative Differences on a System With Privileges
More About Privileges
How Privileges Are Implemented
How Privileges Are Used
How Processes Get Privileges
Privileges and Devices
Privileges and Resource Management
Legacy Applications and the Use of Privileges
Debugging Use of Privilege
Privilege Assignment
Assigning Privileges to Users and Processes
Expanding a User or Role's Privileges
Restricting Privileges for a User or Role
Assigning Privileges to a Script
Using Extended Privilege Policy to Restrict Privilege Use
Privilege Escalation and User Rights
Privilege Escalation and Kernel Privileges
Rights Verification
Profile Shells and Rights Verification
Name Service Scope and Rights Verification
Order of Search for Assigned Rights
Applications That Check for Rights
Applications That Check UIDs and GIDs
Applications That Check for Privileges
Applications That Check Authorizations
Considerations When Assigning Rights
Security Considerations When Assigning Rights
Usability Considerations When Assigning Rights
Chapter 2 Planning Your Administrative Rights Configuration
Deciding Which Rights Model to Use for Administration
Following Your Chosen Rights Model
Chapter 3 Assigning Rights in Oracle Solaris
Assigning Rights to Users
Who Can Assign Rights
Assigning Rights to Users and Roles
Creating a Role
Creating a Login for a Trusted User
Modifying a User's Rights
Modifying a Role's Rights
Enabling Users to Use Own Password for Role Password
Changing a Role Password
Deleting a Role
Expanding Users' Rights
Restricting Users' Rights
Chapter 4 Assigning Rights to Applications, Scripts, and Resources
Limiting Applications, Scripts, and Resources to Specific Rights
Assigning Rights to Applications and Scripts
How to Run a Shell Script With Privileged Commands
Locking Down Resources by Using Extended Privileges
How to Apply Extended Privilege Policy to a Port
How to Lock Down the MySQL Service
How to Assign Specific Privileges to the Apache Web Server
How to Determine Which Privileges the Apache Web Server Is Using
Users Locking Down the Applications That They Run
Chapter 5 Managing the Use of Rights
Managing the Use of Rights
Using Your Assigned Administrative Rights
Auditing Administrative Actions
Creating Rights Profiles and Authorizations
How to Create a Rights Profile
How to Clone and Modify a System Rights Profile
How to Create an Authorization
Changing Whether root Is a User or a Role
How to Change the root Role Into a User
Chapter 6 Listing Rights in Oracle Solaris
Listing Rights and Their Definitions
Listing Authorizations
Listing Rights Profiles
Listing Roles
Listing Privileges
Listing Qualified Attributes
Chapter 7 Troubleshooting Rights in Oracle Solaris
Troubleshooting Rights
How to Troubleshoot Rights Assignments
How to Reorder Assigned Rights
How to Determine Which Privileges a Program Requires
Chapter 8 Reference for Oracle Solaris Rights
Rights Profiles Reference
Viewing the Contents of Rights Profiles
Authorizations Reference
Authorization Naming Conventions
Delegation Authority in Authorizations
Rights Databases
Rights Databases and the Naming Services
user_attr Database
auth_attr Database
prof_attr Database
exec_attr Database
policy.conf File
Commands for Administering Rights
Commands That Manage Authorizations, Rights Profiles, and Roles
Selected Commands That Require Authorizations
Privileges Reference
Commands for Handling Privileges
Files That Contain Privilege Information
Privileged Actions in the Audit Record
Security Glossary
Index
Index Numbers and Symbols
Index A
Index B
Index C
Index D
Index E
Index F
Index G
Index H
Index I
Index K
Index L
Index M
Index N
Index O
Index P
Index Q
Index R
Index S
Index T
Index U
Index V
Index W
Index X
Index Z
Language:
English
A
–a
option
profiles
command
Listing Rights Profiles
access
controlling application access to specified directories
Users Locking Down the Applications That They Run
enabling to restricted files
Cloning and Enhancing the Network IPsec Management Rights Profile
Editing a System File
Enabling a Trusted User to Read Extended Accounting Files
limiting port privileges
How to Apply Extended Privilege Policy to a Port
restricting guest access to system
Assigning the Editor Restrictions Rights Profile to All Users
access_times
keyword
user_attr Database
Basics of User and Process Rights
access_tz
keyword
user_attr Database
Basics of User and Process Rights
adding
auditing of privileged actions
Auditing Administrative Actions
authorizations
to rights profile
Adding Authorizations to a Rights Profile
to role
Assigning Authorizations to a Role
to user
Assigning Authorizations Directly to a User
cryptomgt
role
Creating and Assigning a Role to Administer Cryptographic Services
extended privileges
by users
Users Locking Down the Applications That They Run
to a database
How to Lock Down the MySQL Service
to a port
How to Apply Extended Privilege Policy to a Port
to a web server
How to Assign Specific Privileges to the Apache Web Server
new authorization
How to Create an Authorization
new rights profile
Creating Rights Profiles and Authorizations
new rights profile from existing one
How to Clone and Modify a System Rights Profile
privileges
directly to role
Assigning Privileges Directly to a Role
directly to user
Assigning Privileges Directly to a User
to command in rights profile
Creating a Rights Profile That Includes Privileged Commands
rights
commands for
Commands for Administering Rights
to legacy applications
Running an Application With Assigned Rights
to rights profile
Creating Rights Profiles and Authorizations
to roles
Creating a Role
to users
Expanding Users' Rights
rights profiles to list of profiles
Adding a Rights Profile as the Role's First Rights Profile
roles
Assigning Rights to Users
security-related role
Creating and Assigning a Role to Administer Cryptographic Services
set ID
to legacy applications
Assigning Security Attributes to a Legacy Application
trusted users
Creating a User Who Can Administer DHCP
administering
ARMOR roles
Using ARMOR Roles
authorizations
How to Create an Authorization
How to Create an Authorization
extended privilege policy
Locking Down Resources by Using Extended Privileges
rights
authorizations
How to Create an Authorization
commands for
Commands for Administering Rights
instructions
Using Your Assigned Administrative Rights
legacy applications
Running an Application With Assigned Rights
Assigning Security Attributes to a Legacy Application
of a role
Enabling a User to Use Own Password for Role Password
Changing a Role Password
Creating a Role
of a user
Restricting Users' Rights
Expanding Users' Rights
rights profiles
Creating Rights Profiles and Authorizations
roles
How to Reorder Assigned Rights
rights profiles
Assigning Rights Profiles in a Specific Order
Creating Rights Profiles and Authorizations
Modifying a Rights Profile to Enable a User to Use Own Password for Role Password
role password
Changing a Role Password
Creating a Role
roles to replace superuser
Following Your Chosen Rights Model
user password to assume role
How to Reorder Assigned Rights
Enabling a User to Use Own Password for Role Password
without privileges
Administrative Differences on a System With Privileges
administrators
adding to users' rights
Expanding Users' Rights
installing ARMOR package
Using ARMOR Roles
restricting access to a database
How to Lock Down the MySQL Service
restricting access to a port
How to Apply Extended Privilege Policy to a Port
restricting rights
Restricting an Administrator to Explicitly Assigned Rights
restricting users' rights
Restricting Users' Rights
restricting web server privileges
How to Assign Specific Privileges to the Apache Web Server
All rights profile
Rights Profiles Reference
allocate
command
authorizations required for
Commands and Associated Authorizations
Apache Web Server
assigning extended privileges
How to Assign Specific Privileges to the Apache Web Server
verifying use of privilege
How to Determine Which Privileges the Apache Web Server Is Using
applications
Apache Web Server
How to Assign Specific Privileges to the Apache Web Server
assigning extended privileges
Protecting Directories on Your System From Application Processes
assigning extended privileges to editors
Preventing Guests From Spawning Editor Subprocesses
checking for authorizations
Checking for Authorizations in a Script or Program
Firefox browser
Running a Browser in a Protected Environment
legacy and privileges
Legacy Applications and the Use of Privileges
limiting access to specified directories
Protecting Directories on Your System From Application Processes
MySQL database
How to Lock Down the MySQL Service
preventing from spawning new processes
Preventing Selected Applications From Spawning New Processes
privilege-aware
How Processes Get Privileges
How Privileges Are Implemented
ARMOR
assigning roles to trusted users
Using ARMOR Roles
installing package
Using ARMOR Roles
introduction to standard
User and Process Rights Provide an Alternative to the Superuser Model
planning use of
Following Your Chosen Rights Model
assigning
authorizations in a rights profile
Adding Authorizations to a Rights Profile
privileges
to commands in a rights profile
Creating a Rights Profile That Includes Privileged Commands
to commands in a script
How to Run a Shell Script With Privileged Commands
to role
Assigning Privileges Directly to a Role
to user
Assigning Privileges Directly to a User
rights
securely
Security Considerations When Assigning Rights
to specific resources
Locking Down Resources by Using Extended Privileges
to users
User and Process Rights Provide an Alternative to the Superuser Model
usability considerations
Usability Considerations When Assigning Rights
rights profile
to a role
Creating a Role
to a user
Creating a User Who Can Administer DHCP
rights to users
to users
Restricting Users' Rights
Expanding Users' Rights
role to a user locally
Creating a Role
assuming role
how to
Expanding Users' Rights
in a terminal window
Assuming an ARMOR Role
root
Assuming the root Role
when assigned
Using Your Assigned Administrative Rights
asterisk (
*
)
checking for in authorizations
Checking for Authorizations in a Script or Program
wildcard character
in authorizations
Authorization Naming Conventions
at
command
authorizations required for
Commands and Associated Authorizations
atq
command
authorizations required for
Commands and Associated Authorizations
Audit Configuration rights profile
use of
Auditing Administrative Actions
audit_flags
keyword
description
user_attr Database
auditing
privileges and
Privileged Actions in the Audit Record
roles
Auditing Administrative Actions
auth_attr
database
auth_attr Database
Rights Databases
auth_profiles
keyword
description
user_attr Database
example of
Requiring a User to Type Password Before Administering DHCP
AUTH_PROFS_GRANTED
keyword
policy.conf
file
policy.conf File
authenticated rights profiles
assigning
Requiring a User to Type Password Before Administering DHCP
keyword in
policy.conf
file
policy.conf File
searched before rights profiles
How to Troubleshoot Rights Assignments
Order of Search for Assigned Rights
authorizations
See also
rights
adding to rights profile
Adding Authorizations to a Rights Profile
checking for wildcards
Checking for Authorizations in a Script or Program
checking in privileged application
Applications That Check Authorizations
commands requiring
Selected Commands That Require Authorizations
compared to privileges
More About User Authorizations
Basics of User and Process Rights
creating new ones
How to Create an Authorization
database
auth_attr Database
Rights Databases
delegating
Delegation Authority in Authorizations
description
Authorizations Reference
More About User Authorizations
Basics of User and Process Rights
effect of misspelling
How to Troubleshoot Rights Assignments
granularity
Authorization Naming Conventions
listing
Listing Authorizations
misspelling
How to Troubleshoot Rights Assignments
naming conventions
Authorization Naming Conventions
preventing privilege escalation
Privilege Escalation and User Rights
removing from rights profile
Cloning and Removing Selected Rights From a Rights Profile
troubleshooting
How to Troubleshoot Rights Assignments
auths
command
description
Rights Administration Commands
use
Listing Authorizations
How to Create an Authorization
Checking for Authorizations in a Script or Program
auths
keyword
description
user_attr Database
Adding Authorizations to a Rights Profile
use
Cloning and Removing Selected Rights From a Rights Profile
Cloning and Enhancing the Network IPsec Management Rights Profile
AUTHS_GRANTED
keyword
policy.conf
file
policy.conf File
Previous
Next