Selected Commands That Require Authorizations
The following table provides examples of how authorizations are used
to limit command options on an Oracle Solaris system. For more discussion of authorizations,
see Authorizations Reference.
Table 8-2 Commands and Associated Authorizations
|
|
|
solaris.jobs.user required for all options (when neither
at.allow nor at.deny files exist)
|
|
solaris.jobs.admin required for all options
|
|
solaris.device.cdrw required for all options, which is granted by
default in the policy.conf file
|
|
solaris.jobs.user required for the option to submit a job (when
neither crontab.allow nor crontab.deny files exist)
solaris.jobs.admin required for the options to list or modify other users'
crontab files
|
|
solaris.device.allocate (or other authorization as specified in
device_allocate file) required to allocate a device
solaris.device.revoke (or other authorization as specified in
device_allocate file) required to allocate a device to another user
( –F option)
|
|
solaris.device.allocate (or other authorization as specified in
device_allocate file) required to deallocate another user's device
solaris.device.revoke (or other authorization as specified in
device_allocate) required to force deallocation of the specified device
(–F option) or all devices (–I option)
|
|
solaris.device.revoke required to list another user's devices
( –U option)
|
|
solaris.user.manage required to create a role.
solaris.account.activate required to set the initial password.
solaris.account.setpolicy required to set password policy, such as account
locking and password aging.
|
|
solaris.passwd.assign authorization required to delete the password.
|
|
solaris.passwd.assign authorization required to change the password.
solaris.account.setpolicy required to change password policy, such as account
locking and password aging.
|
|
solaris.mail required to access mail subsystem functions;
solaris.mail.mailq required to view mail queue
|
|
solaris.user.manage required to create a user.
solaris.account.activate required to set the initial password.
solaris.account.setpolicy required to set password policy, such as account
locking and password aging.
|
|
solaris.passwd.assign authorization required to delete the password.
|
|
solaris.passwd.assign authorization required to change the password.
solaris.account.setpolicy required to change password policy, such as account
locking and password aging.
|
|