Securing Users and Processes in Oracle® Solaris 11.2

Updated: July 2014
 
 

Listing Rights Profiles

  • profiles – Lists the current user's rights profiles

  • profiles -a – Lists the names of all rights profiles

  • profiles -l – Lists the full definition of the current user's rights profiles

  • profiles username – Lists the rights profiles for username

  • profiles -x – Lists the current user's rights profiles that require authentication

  • profiles -x username – Lists the username's rights profiles that require authentication

  • profiles -p profile-name info – Pretty prints the contents of the specified rights profile

  • getent prof_attr – Lists the full definition of all rights profiles in the naming service

Example 6-4  Listing the Names of All Rights Profiles
$ profiles -a
        Console User
        CUPS Administration
        Desktop Removable Media User
...
        VSCAN Management
        WUSB Management

Example 6-5  Listing the Contents of the Rights Profiles Database
$ getent prof_attr | more
All:::Execute any command as the user or role:help=RtAll.html
Audit Configuration:::Configure Solaris Audit:auths=solaris.smf.value.audit;
help=RtAuditCfg.html
...
Zone Management:::Zones Virtual Application Environment Administration:
help=RtZoneMngmnt.html
Zone Security:::Zones Virtual Application Environment Security:auths=solaris.zone.*,
solaris.auth.delegate;help=RtZoneSecurity.html ...
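
The profile definitions in Example 6-5 can be reviewed mechanically for broad grants. The following is an added example, not part of the Oracle documentation: it assumes each `getent prof_attr` record arrives on one line as `name:res1:res2:description:key=value;...`, and the choice to flag wildcard authorizations and `solaris.auth.delegate` is an assumed review policy. The function names `audit_prof_attr` and `sample_prof_attr` are hypothetical.

```shell
#!/bin/sh
# Added example: flag broad authorizations in rights profile definitions.
# Record format, one per line: name:res1:res2:description:key=value;key=value
# Output: profile<TAB>authorization<TAB>reason, one line per finding.

audit_prof_attr() {
    awk -F: '
    /^[ \t]*#/ { next }              # comment line
    NF < 5     { next }              # blank or malformed record
    {
        # Field 5 onward is the attribute list; rejoin it if it held a colon.
        attrs = $5
        for (i = 6; i <= NF; i++) attrs = attrs ":" $i
        n = split(attrs, kv, ";")
        for (i = 1; i <= n; i++) {
            if (kv[i] !~ /^auths=/) continue
            m = split(substr(kv[i], 7), auth, ",")
            for (j = 1; j <= m; j++) {
                a = auth[j]
                gsub(/^[ \t]+|[ \t]+$/, "", a)
                if (a ~ /\*$/)
                    printf "%s\t%s\twildcard\n", $1, a
                else if (a == "solaris.auth.delegate")
                    printf "%s\t%s\tdelegation\n", $1, a
            }
        }
    }'
}

# Constructed sample: entries from Example 6-5, each joined onto one line.
sample_prof_attr() {
    cat <<'EOF'
All:::Execute any command as the user or role:help=RtAll.html
Audit Configuration:::Configure Solaris Audit:auths=solaris.smf.value.audit;help=RtAuditCfg.html
Zone Management:::Zones Virtual Application Environment Administration:help=RtZoneMngmnt.html
Zone Security:::Zones Virtual Application Environment Security:auths=solaris.zone.*,solaris.auth.delegate;help=RtZoneSecurity.html
EOF
}

# On a Solaris host: getent prof_attr | audit_prof_attr
sample_prof_attr | audit_prof_attr
```

Only the Zone Security entry in the sample produces findings, one for `solaris.zone.*` and one for `solaris.auth.delegate`.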

Example 6-6  Listing the Default Rights Profiles of Users

List your rights profiles. The following rights profiles are assigned to all users by default.

$ profiles
Basic Solaris User
All

Example 6-7  Listing the Rights Profiles of the Initial User

The initial user is assigned several rights profiles.

$ profiles Initial user
System Administrator
Audit Review
...
CPU Power Management
Basic Solaris User
All

To show all the security attributes that are assigned to the initial user's profiles, use the -l option.

$ profiles -l Initial user | more
Initial user:
System Administrator
	profiles=Install Service Management,Audit Review,Extended Accounting 
Flow Management,Extended Accounting Net Management,Extended Accounting Process 
Management,Extended Accounting Task Management,Printer Management,Cron Managem
ent,Device Management,File System Management,Log Management,Mail Management,
Maintenance and Repair,Media Catalog,Name Service Management,Network Management,
Project Management,RAD Management,Service Operator,Shadow Migration Monitor,So
Software Installation,System Configuration,User Management,ZFS Storage Management
          /usr/sbin/gparted          uid=0
Install Service Management
	auths=solaris.autoinstall.service
	profiles=Install Manifest Management,Install Profile Management,
Install Client Management
...

Example 6-8  Listing the Contents of an Assigned Rights Profile

The initial user lists the rights that are granted by the Audit Review profile.

$ profiles -l
Audit Review
  solaris.audit.read
  
  /usr/sbin/auditreduce  euid=0
  /usr/sbin/auditstat    privs=proc_audit
  /usr/sbin/praudit      privs=file_dac_read

Example 6-9  Listing the Security Attributes of a Command in a Rights Profile

This variant of the profiles command is useful for viewing the security attributes of a command in a rights profile that is not assigned to you.

First, list the commands in the profile.

% profiles -p "Audit Review" info
	name=Audit Review
	desc=Review Solaris Auditing logs
	help=RtAuditReview.html
	cmd=/usr/sbin/auditreduce
	cmd=/usr/sbin/auditstat
	cmd=/usr/sbin/praudit

Then, list the security attributes of one of the commands in the profile.

% profiles -p "Audit Review" "select cmd=/usr/sbin/praudit ; info; end;"
select: command is read-only
	id=/usr/sbin/praudit
	privs=file_dac_read
end: command is read-only

Example 6-10  Listing the Contents of Rights Profiles That Are Recently Created

The -la option, with its output piped to less, displays the most recently added rights profiles first. This variant of the profiles command is useful when you create or modify rights profiles at your site. The following output shows the contents of the profile that was added in Example 4–1. A regular user can run this command.

$ profiles -la | less
LegacyApp
          /opt/legacy-app/bin/legacy-cmd 
                                     euid=0
OpenLDAP...