This section describes new or changed features in this release:
When the shutdown command is shutting down a system, the process creates an /etc/nologin file. This file displays a message indicating that the system is being shut down and that logins are not possible. Alternately, superuser can separately create and manage this /etc/nologin file.
This type of shutdown does not block the superuser from logging in. Starting in this release, the following additional users are not blocked when the nologin file is present on the system:
Users assigned with the root role
Users assigned with the solaris.system.maintenance authorization
For further information, see the nologin(4) and shutdown(1M) man pages.
System administrators who manage user accounts should note that the following security features that have changed in this release:
Specific extended rights can be applied to file objects, port numbers, and user IDs. These extended rights replace the set of rights that are otherwise available, except for the basic set.
For a discussion about expanding a user's rights, see Expanding a User or Role’s Privileges in Securing Users and Processes in Oracle Solaris 11.3.
For instructions, see Chapter 4, Assigning Rights to Applications, Scripts, and Resources in Securing Users and Processes in Oracle Solaris 11.3. Also, see the ppriv(1) or privileges(5) man pages.
You can set the auth_profiles right so that users must provide a password before executing a command that is assigned through a rights profile. The password is effective for a configurable period of time.
The AUTH_PROFS_GRANTED keyword in the policy.conf file sets the password requirement for running a privileged command for all users of a system.
For further information, see Expanding Users’ Rights in Securing Users and Processes in Oracle Solaris 11.3. Also, see the useradd(1M) and usermod(1M) man pages.