Go to main content

Securing Users and Processes in Oracle® Solaris 11.3

Exit Print View

Updated: September 2018
 
 

Index

Numbers and Symbols

$$ (double dollar sign)
parent shell process numberindex iconListing the Privileges in Your Current Shell
removing basic privilege from your processindex iconRemoving a Basic Privilege From Yourself
* (asterisk)
checking for in authorizationsindex iconChecking for Authorizations in a Script or Program
wildcard character
in authorizationsindex iconAuthorization Naming Conventions
+ (plus sign)
keyword modifierindex iconModifying a Role's Rights
- (minus sign)
keyword modifierindex iconModifying a Role's Rights
. (dot)
authorization name separatorindex iconAuthorization Naming Conventions
{} (curly braces)
extended privileges syntax
index iconHow to Lock Down the MySQL Service
index iconHow to Apply Extended Privilege Policy to a Port
index iconEnabling a Non-root Account to Read a root-Owned File
index iconEnabling a Trusted User to Read Extended Accounting Files

A

access
controlling application access to specified directoriesindex iconUsers Locking Down the Applications That They Run
enabling to restricted files
index iconCloning and Enhancing the Network IPsec Management Rights Profile
index iconEditing a System File
index iconEnabling a Trusted User to Read Extended Accounting Files
limiting port privilegesindex iconHow to Apply Extended Privilege Policy to a Port
restricting guest access to systemindex iconAssigning the Editor Restrictions Rights Profile to All Users
access_times keyword
index iconuser_attr Database
index iconBasics of User and Process Rights
access_tz keyword
index iconuser_attr Database
index iconBasics of User and Process Rights
account lockingindex iconRestricting Users' Rights
accounts
locking and unlockingindex iconHow to Set Account Locking for Regular Users
adding
auditing of privileged actionsindex iconAuditing Administrative Actions
authorizations
to rights profileindex iconAdding Authorizations to a Rights Profile
to roleindex iconAssigning Authorizations to a Role
to userindex iconAssigning Authorizations Directly to a User
cryptomgt roleindex iconCreating and Assigning a Role to Administer Cryptographic Services
extended privileges
by usersindex iconUsers Locking Down the Applications That They Run
to a databaseindex iconHow to Lock Down the MySQL Service
to a portindex iconHow to Apply Extended Privilege Policy to a Port
to a web serverindex iconHow to Assign Specific Privileges to the Apache HTTP Server
new authorizationindex iconHow to Create an Authorization
new rights profileindex iconCreating Rights Profiles and Authorizations
new rights profile from existing oneindex iconHow to Clone and Modify a System Rights Profile
privileges
directly to roleindex iconAssigning Privileges Directly to a Role
directly to userindex iconAssigning Privileges Directly to a User
to command in rights profileindex iconCreating a Rights Profile That Includes Privileged Commands
rights
commands forindex iconCommands for Administering Rights
to legacy applicationsindex iconRunning an Application With Assigned Rights
to rights profileindex iconCreating Rights Profiles and Authorizations
to rolesindex iconCreating a Role
to usersindex iconExpanding Users' Rights
rights profiles to list of profilesindex iconAdding a Rights Profile as the Role's First Rights Profile
rolesindex iconAssigning Rights to Users
security-related roleindex iconCreating and Assigning a Role to Administer Cryptographic Services
set ID
to legacy applicationsindex iconAssigning Security Attributes to a Legacy Application
trusted usersindex iconCreating a Trusted User to Administer DHCP
administering
ARMOR rolesindex iconUsing ARMOR Roles
authorizations
index iconHow to Create an Authorization
index iconHow to Create an Authorization
extended privilege policyindex iconLocking Down Resources by Using Extended Privileges
immutable zonesindex iconAdministering Immutable Zones
rights
authorizationsindex iconHow to Create an Authorization
commands forindex iconCommands for Administering Rights
instructionsindex iconUsing Your Assigned Administrative Rights
legacy applications
index iconRunning an Application With Assigned Rights
index iconAssigning Security Attributes to a Legacy Application
of a role
index iconEnabling a User to Use Own Password for Role Password
index iconChanging a Role Password
index iconCreating a Role
of a user
index iconRestricting Users' Rights
index iconExpanding Users' Rights
rights profilesindex iconCreating Rights Profiles and Authorizations
rolesindex iconHow to Reorder Assigned Rights
rights profiles
index iconAssigning Rights Profiles in a Specific Order
index iconCreating Rights Profiles and Authorizations
index iconModifying a Rights Profile to Enable a User to Use Own Password for Role Password
role password
index iconChanging a Role Password
index iconCreating a Role
roles to replace superuserindex iconFollowing Your Chosen Rights Model
user password to assume role
index iconHow to Reorder Assigned Rights
index iconEnabling a User to Use Own Password for Role Password
without privilegesindex iconAdministrative Differences on a System With Privileges
administrative accounts
creating roles forindex iconCreating a Role for an Application Administrator
administrators
adding to users' rightsindex iconExpanding Users' Rights
installing ARMOR packageindex iconUsing ARMOR Roles
restricting access to a databaseindex iconHow to Lock Down the MySQL Service
restricting access to a portindex iconHow to Apply Extended Privilege Policy to a Port
restricting rightsindex iconRestricting an Administrator to Explicitly Assigned Rights
restricting users' rightsindex iconRestricting Users' Rights
restricting web server privilegesindex iconHow to Assign Specific Privileges to the Apache HTTP Server
All rights profileindex iconRights Profiles Reference
allocate command
authorizations required forindex iconCommands and Associated Authorizations
Apache HTTP Server
assigning extended privilegesindex iconHow to Assign Specific Privileges to the Apache HTTP Server
verifying use of privilegeindex iconHow to Determine Which Privileges the Apache HTTP Server Is Using
applications
Apache HTTP Serverindex iconHow to Assign Specific Privileges to the Apache HTTP Server
assigning extended privilegesindex iconProtecting Directories on Your System From Application Processes
assigning extended privileges to editorsindex iconPreventing Guests From Spawning Editor Subprocesses
checking for authorizationsindex iconChecking for Authorizations in a Script or Program
Firefox browserindex iconRunning a Browser in a Protected Environment
legacy and privilegesindex iconLegacy Applications and the Use of Privileges
limiting access to specified directoriesindex iconProtecting Directories on Your System From Application Processes
MySQL databaseindex iconHow to Lock Down the MySQL Service
preventing from spawning new processesindex iconPreventing Selected Applications From Spawning New Processes
privilege-aware
index iconHow Processes Get Privileges
index iconHow Privileges Are Implemented
ARMOR
assigning roles to trusted usersindex iconUsing ARMOR Roles
installing packageindex iconUsing ARMOR Roles
introduction to standardindex iconUser and Process Rights Provide an Alternative to the Superuser Model
planning use ofindex iconFollowing Your Chosen Rights Model
assigning
authorizations in a rights profileindex iconAdding Authorizations to a Rights Profile
privileges
to commands in a rights profileindex iconCreating a Rights Profile That Includes Privileged Commands
to commands in a scriptindex iconHow to Run a Shell Script With Privileged Commands
to roleindex iconAssigning Privileges Directly to a Role
to userindex iconAssigning Privileges Directly to a User
profile shell as login shell
index iconCreating a Trusted User to Administer DHCP
index iconCreating a Login for a Trusted User
rights
securelyindex iconSecurity Considerations When Assigning Rights
to specific resourcesindex iconLocking Down Resources by Using Extended Privileges
to usersindex iconUser and Process Rights Provide an Alternative to the Superuser Model
usability considerationsindex iconUsability Considerations When Assigning Rights
rights profile
to a roleindex iconCreating a Role
to a userindex iconCreating a Trusted User to Administer DHCP
rights profiles
index iconHow to Remove Unneeded Basic Privileges From Users
index iconHow to Set Account Locking for Regular Users
rights to users
to users
index iconRestricting Users' Rights
index iconExpanding Users' Rights
role to a user locallyindex iconCreating a Role
assuming role
how toindex iconExpanding Users' Rights
in a terminal windowindex iconAssuming an ARMOR Role
rootindex iconAssuming the root Role
when assignedindex iconUsing Your Assigned Administrative Rights
asterisk (*)
checking for in authorizationsindex iconChecking for Authorizations in a Script or Program
wildcard character
in authorizationsindex iconAuthorization Naming Conventions
at command
authorizations required forindex iconCommands and Associated Authorizations
atq command
authorizations required forindex iconCommands and Associated Authorizations
Audit Configuration rights profile
use ofindex iconAuditing Administrative Actions
audit command
–s optionindex iconAuditing Administrative Actions
audit_flags keyword
descriptionindex iconuser_attr Database
auditing
privileges andindex iconPrivileged Actions in the Audit Record
rolesindex iconAuditing Administrative Actions
auth_attr database
index iconauth_attr Database
index iconRights Databases
auth_profiles keyword
descriptionindex iconuser_attr Database
example ofindex iconRequiring a User to Type Password Before Administering DHCP
AUTH_PROFS_GRANTED keyword
policy.conf fileindex iconpolicy.conf File
authenticated rights profiles
assigningindex iconRequiring a User to Type Password Before Administering DHCP
keyword in policy.conf fileindex iconpolicy.conf File
searched before rights profiles
index iconHow to Troubleshoot Rights Assignments
index iconOrder of Search for Assigned Rights
authorizations  See Alsoindex iconrights
adding to rights profileindex iconAdding Authorizations to a Rights Profile
checking for wildcardsindex iconChecking for Authorizations in a Script or Program
checking in privileged applicationindex iconApplications That Check Authorizations
commands requiringindex iconSelected Commands That Require Authorizations
compared to privileges
index iconMore About User Authorizations
index iconBasics of User and Process Rights
creating new onesindex iconHow to Create an Authorization
database
index iconauth_attr Database
index iconRights Databases
delegatingindex iconDelegation Authority in Authorizations
description
index iconAuthorizations Reference
index iconMore About User Authorizations
index iconBasics of User and Process Rights
effect of misspellingindex iconHow to Troubleshoot Rights Assignments
granularityindex iconAuthorization Naming Conventions
listingindex iconListing Authorizations
misspellingindex iconHow to Troubleshoot Rights Assignments
naming conventionsindex iconAuthorization Naming Conventions
preventing privilege escalationindex iconPrivilege Escalation and User Rights
removing from rights profileindex iconCloning and Removing Selected Rights From a Rights Profile
troubleshootingindex iconHow to Troubleshoot Rights Assignments
auths command
descriptionindex iconRights Administration Commands
–t optionindex iconHow to Create an Authorization
use
index iconListing Authorizations
index iconHow to Create an Authorization
index iconChecking for Authorizations in a Script or Program
auths keyword
description
index iconuser_attr Database
index iconAdding Authorizations to a Rights Profile
use
index iconCloning and Removing Selected Rights From a Rights Profile
index iconCloning and Enhancing the Network IPsec Management Rights Profile
AUTHS_GRANTED keyword
policy.conf fileindex iconpolicy.conf File

B

basic privilege setindex iconHow Privileges Are Implemented
basic privileges
limiting use by serviceindex iconHow to Lock Down the MySQL Service
Basic Solaris User rights profileindex iconRights Profiles Reference
browsers
protecting user files with extended privilegesindex iconUsers Locking Down the Applications That They Run

C

capabilities  Seeindex iconrights
cdrw command
authorizations required forindex iconCommands and Associated Authorizations
changing
password of role
index iconChanging a Role Password
index iconCreating a Role
rights
of a portindex iconHow to Apply Extended Privilege Policy to a Port
of a scriptindex iconHow to Run a Shell Script With Privileged Commands
of a web serverindex iconHow to Assign Specific Privileges to the Apache HTTP Server
of an applicationindex iconAssigning Rights to Applications and Scripts
of an editorindex iconPreventing Guests From Spawning Editor Subprocesses
of Firefoxindex iconUsers Locking Down the Applications That They Run
of roleindex iconCreating a Role
to MySQL databaseindex iconHow to Lock Down the MySQL Service
rights profile contentsindex iconCreating Rights Profiles and Authorizations
root role into userindex iconChanging Whether root Is a User or a Role
umaskindex iconHow to Set a More Restrictive umask Value for Regular Users
user file permissionsindex iconHow to Set a More Restrictive umask Value for Regular Users
cloning
rights profile contentsindex iconHow to Clone and Modify a System Rights Profile
commands
determining user's privileged commandsindex iconListing Privileges
determining user's qualified attributesindex iconListing Qualified Attributes
for administering privilegesindex iconCommands for Handling Privileges
rights administration commandsindex iconCommands That Manage Authorizations, Rights Profiles, and Roles
that assign privilegesindex iconAssigning Privileges to Users and Processes
that check for privilegesindex iconApplications That Check for Privileges
components
rights management, ofindex iconBasics of User and Process Rights
configuration files
policy.conf fileindex iconRights Administration Commands
syslog.conf fileindex iconFiles That Contain Privilege Information
with privilege informationindex iconFiles That Contain Privilege Information
configuring
authorizationsindex iconHow to Create an Authorization
power managementindex iconHow to Remove Power Management Capability From Users
privileged usersindex iconCreating a Trusted User to Administer DHCP
protected databaseindex iconHow to Lock Down the MySQL Service
protected portindex iconHow to Apply Extended Privilege Policy to a Port
protected web serverindex iconHow to Assign Specific Privileges to the Apache HTTP Server
protection of user files from applicationsindex iconUsers Locking Down the Applications That They Run
restricted usersindex iconRestricting Users' Rights
rights
index iconRestricting Users' Rights
index iconExpanding Users' Rights
index iconFollowing Your Chosen Rights Model
rights profilesindex iconCreating Rights Profiles and Authorizations
roles
index iconCreating a Role
index iconAssigning Rights to Users
root role as userindex iconChanging Whether root Is a User or a Role
trusted usersindex iconCreating a Role
Console User rights profile
index iconRights Profiles Reference
index iconHow to Remove Power Management Capability From Users
CONSOLE_USER keyword
policy.conf fileindex iconpolicy.conf File
creating
ARMOR rolesindex iconUsing ARMOR Roles
authorizationindex iconHow to Create an Authorization
privileged usersindex iconCreating a Trusted User to Administer DHCP
rights profiles
index iconCreating Rights Profiles and Authorizations
index iconCreating a Rights Profile for Administrators of a Third-Party Application
rolesindex iconAssigning Rights to Users
root userindex iconHow to Change the root Role Into a User
crontab files
authorizations required forindex iconCommands and Associated Authorizations
Crypto Management rights profile
using in a roleindex iconCreating and Assigning a Role to Administer Cryptographic Services
Cryptographic Framework
administering with roleindex iconCreating and Assigning a Role to Administer Cryptographic Services
curly braces ({})
extended privileges syntax
index iconHow to Lock Down the MySQL Service
index iconHow to Apply Extended Privilege Policy to a Port
index iconEnabling a Non-root Account to Read a root-Owned File
index iconEnabling a Trusted User to Read Extended Accounting Files

D

daemons
nscd (name service cache daemon)index iconRights Administration Commands
running with privilegesindex iconVisible Differences Between a System With Privileges and a System Without Privileges
databases
auth_attrindex iconauth_attr Database
exec_attrindex iconexec_attr Database
MySQLindex iconHow to Lock Down the MySQL Service
prof_attrindex iconprof_attr Database
protecting with extended privilegesindex iconHow to Lock Down the MySQL Service
rightsindex iconRights Databases
user_attrindex iconuser_attr Database
dax_access privilegeindex iconWhat's New in Rights in Oracle Solaris 11.3
deallocate command
authorizations required forindex iconCommands and Associated Authorizations
defaultpriv keywordindex iconHow to Remove Unneeded Basic Privileges From Users
descriptionindex iconuser_attr Database
defaults
privileges settings in policy.conf fileindex iconFiles That Contain Privilege Information
delegating authorizationsindex iconDelegation Authority in Authorizations
determining
Apache HTTP Server's privilegesindex iconHow to Determine Which Privileges the Apache HTTP Server Is Using
privileges on a processindex iconListing the Privileges in Your Current Shell
required privilegesindex iconHow to Determine Which Privileges a Program Requires
rights, available or assignedindex iconListing Rights and Their Definitions
which rights model to useindex iconDeciding Which Rights Model to Use for Administration
devices
rights model andindex iconPrivileges and Devices
superuser model andindex iconPrivileges and Devices
displaying
roles you can assume
index iconRights Administration Commands
index iconAssuming an ARMOR Role
dot (.)
authorization name separatorindex iconAuthorization Naming Conventions
double dollar sign ($$)
parent shell process numberindex iconListing the Privileges in Your Current Shell
removing basic privilege from your shellindex iconRemoving a Basic Privilege From Yourself

E

/etc/default/login fileindex iconHow to Set Account Locking for Regular Users
/etc/security/policy.conf file
editingindex iconHow to Remove Unneeded Basic Privileges From Users
/etc/security/policy.conf file
editing
index iconHow to Remove Unneeded Basic Privileges From Users
index iconHow to Set Account Locking for Regular Users
/etc/security/policy.conf file
editingindex iconHow to Remove Power Management Capability From Users
editors
preventing from spawning new processesindex iconPreventing Guests From Spawning Editor Subprocesses
restricting for guest userindex iconPreventing Guests From Spawning Editor Subprocesses
effective privilege setindex iconHow Privileges Are Implemented
escalation of privilege
descriptionindex iconPrivilege Escalation and User Rights
preventing in devicesindex iconPrivileges and Devices
exacct files
reading with Perl scriptsindex iconEnabling a Trusted User to Read Extended Accounting Files
exec_attr database
index iconexec_attr Database
index iconRights Databases
expanding users rightsindex iconExpanding Users' Rights
Extended Accounting Net Management rights profileindex iconEnabling a Trusted User to Read Extended Accounting Files
extended policy  Seeindex iconextended privileges
extended privilege policy  Seeindex iconextended privileges
extended privileges
administeringindex iconLocking Down Resources by Using Extended Privileges
assigned by regular usersindex iconUsers Locking Down the Applications That They Run
assigning
in rights profileindex iconPreventing Guests From Spawning Editor Subprocesses
to a databaseindex iconHow to Lock Down the MySQL Service
to a portindex iconHow to Apply Extended Privilege Policy to a Port
to trusted usersindex iconEnabling a Trusted User to Read Extended Accounting Files
to web serverindex iconHow to Assign Specific Privileges to the Apache HTTP Server
description
index iconUsing Extended Privilege Policy to Restrict Privilege Use
index iconExpanding a User or Role's Privileges
listingindex iconHow to Lock Down the MySQL Service
PRIV_XPOLICY flagindex iconHow to Lock Down the MySQL Service
protecting files of regular usersindex iconUsers Locking Down the Applications That They Run
reading root-owned filesindex iconEnabling a Non-root Account to Read a root-Owned File

F

FILE privileges
descriptionindex iconPrivilege Descriptions
file_chownindex iconHow Processes Get Privileges
file_chown_selfindex iconPrivilege Escalation and Kernel Privileges
files
/etc/default/loginindex iconHow to Set Account Locking for Regular Users
containing privilege informationindex iconFiles That Contain Privilege Information
privileges relating toindex iconPrivilege Descriptions
Firefox browser
assigning extended privilegesindex iconRunning a Browser in a Protected Environment
flags
PRIV_PFEXEC in profile shellsindex iconDetermining Whether You Are Using a Profile Shell
PRIV_XPOLICY on processindex iconHow to Lock Down the MySQL Service

G

getent command
descriptionindex iconRights Administration Commands
listing commands with assigned security attributesindex iconListing Privileges
listing contents of rights databasesindex iconListing Rights and Their Definitions
listing definitions of all authorizationsindex iconListing the Content of the Authorizations Database
listing definitions of all rights profilesindex iconListing the Contents of the Rights Profiles Database
listing qualified security attributesindex iconListing Qualified Attributes
usingindex iconChanging the root User Into the root Role

H

hardware
restricting user control ofindex iconHow to Remove Power Management Capability From Users
host qualified attribute
descriptionindex iconuser_attr Database

I

idlecmd keyword
descriptionindex iconuser_attr Database
useindex iconHow to Troubleshoot Rights Assignments
idletime keyword
descriptionindex iconuser_attr Database
useindex iconHow to Troubleshoot Rights Assignments
immutable zones
administeringindex iconAdministering Immutable Zones
inheritable privilege setindex iconHow Privileges Are Implemented
IPC privilegesindex iconPrivilege Descriptions
IPS packages  Seeindex iconpackages

K

kernel processes and privilegesindex iconPrivileges Protecting Kernel Processes
keywords
defaultprivindex iconHow to Remove Unneeded Basic Privileges From Users
lock_after_retriesindex iconHow to Set Account Locking for Regular Users
RETRIESindex iconHow to Set Account Locking for Regular Users

L

ldapaddent command
listing all qualified security attributesindex iconListing Qualified Attributes
least privilege
principle ofindex iconPrivileges Protecting Kernel Processes
legacy applications and privileges
index iconAssigning Security Attributes to a Legacy Application
index iconLegacy Applications and the Use of Privileges
limit privilege setindex iconHow Privileges Are Implemented
limitpriv keywordindex iconuser_attr Database
Linux behaviors
sudo command
index iconCreating a Role That Requires the User's Password
index iconUsing Your Assigned Administrative Rights
user password when assuming role
index iconModifying a Rights Profile to Enable a User to Use Own Password for Role Password
index iconEnabling a User to Use Own Password for Role Password
index iconEnabling Users to Use Own Password for Role Password
list_devices command
authorizations required forindex iconCommands and Associated Authorizations
listing
all rightsindex iconListing Rights and Their Definitions
authorizationsindex iconListing Authorizations
default rights configurationindex iconListing Rights and Their Definitions
privilegesindex iconListing Privileges
qualifiers to security attributesindex iconListing Qualified Attributes
rightsindex iconListing Rights and Their Definitions
rights of initial userindex iconListing Rights and Their Definitions
rights profilesindex iconListing Rights Profiles
rolesindex iconListing Roles
roles you can assume
index iconRights Administration Commands
index iconAssuming an ARMOR Role
your rightsindex iconListing Rights and Their Definitions
lock_after_retries keywordindex iconHow to Set Account Locking for Regular Users
lock_after_retries keyword
descriptionindex iconuser_attr Database
locking
accountsindex iconRestricting Users' Rights
user account automaticallyindex iconHow to Set Account Locking for Regular Users
logging in
remote root loginindex iconChanging Whether root Is a User or a Role
users' basic privilege setindex iconHow Privileges Are Implemented

M

man pages
commands that require authorizationsindex iconSelected Commands That Require Authorizations
rightsindex iconCommands That Manage Authorizations, Rights Profiles, and Roles
managing  Seeindex iconadministering
Media Backup rights profile
assigning to trusted usersindex iconDistribution of Rights
Media Restore rights profile
preventing privilege escalationindex iconPrivilege Escalation and User Rights
minus sign (-)
keyword modifierindex iconModifying a Role's Rights
modifying  Seeindex iconchanging
monitoring
use of privileged commandsindex iconAuditing Administrative Actions
MySQL database
installing IPS packageindex iconHow to Lock Down the MySQL Service
protecting with extended privilegesindex iconHow to Lock Down the MySQL Service

N

naming conventions
authorizationsindex iconAuthorization Naming Conventions
naming services
rights databases andindex iconRights Databases and the Naming Services
scope of assigned rightsindex iconName Service Scope and Rights Verification
NET privilegesindex iconPrivilege Descriptions
netgroup qualified attribute
descriptionindex iconuser_attr Database
network
privileges relating toindex iconPrivilege Descriptions
Network IPsec Management rights profile
adding solaris.admin.edit authorizationindex iconCloning and Enhancing the Network IPsec Management Rights Profile
non-UNIX accounts
troubleshooting password assignmentsindex iconUsing the openldap System Account to Run a cron Job
nscd (name service cache daemon)
useindex iconRights Administration Commands

O

Object Access Management rights profileindex iconHow Processes Get Privileges
obtaining
privileged commandsindex iconCreating a Role
privileges
index iconAssigning Privileges Directly to a User
index iconAssigning Privileges Directly to a Role
index iconAssigning Privileges to Users and Processes
index iconHow Processes Get Privileges
privileges on a processindex iconListing the Privileges in Your Current Shell
one-time passwords
requiring use ofindex iconRestricting Users' Rights
one-time passwords (OTP)index iconWhat's New in Rights in Oracle Solaris 11.3
Operator rights profile
assigning to roleindex iconDistribution of Rights
descriptionindex iconRights Profiles Reference
order of search
authenticated rights profilesindex iconOrder of Search for Assigned Rights
rightsindex iconOrder of Search for Assigned Rights
rights profiles exampleindex iconAdding a Rights Profile as the Role's First Rights Profile
user security attributesindex iconOrder of Search for Assigned Rights

P

packages
ARMORindex iconUsing ARMOR Roles
MySQLindex iconHow to Lock Down the MySQL Service
PAM
adding su stack to configuration fileindex iconCaching Authentication for Ease of Role Use
modulesindex iconCaching Authentication for Ease of Role Use
stack to cache authenticationindex iconCaching Authentication for Ease of Role Use
time-sensitive user access
index iconuser_attr Database
index iconBasics of User and Process Rights
pam_roles moduleindex iconRights Administration Commands
pam_tty_tickets moduleindex iconCaching Authentication for Ease of Role Use
pam_unix_account moduleindex iconRights Administration Commands
passwd command
changing password of role
index iconChanging a Role Password
index iconCreating a Role
NP accountsindex iconUsing the openldap System Account to Run a cron Job
passwords
changing role password
index iconChanging a Role Password
index iconCreating a Role
locking out usersindex iconHow to Set Account Locking for Regular Users
overriding constraintsindex iconOverriding the Password Requirements for an Account
unlocking userindex iconHow to Set Account Locking for Regular Users
using user's to assume role
index iconHow to Reorder Assigned Rights
index iconEnabling a User to Use Own Password for Role Password
Perl scripts
for extended accountingindex iconEnabling a Trusted User to Read Extended Accounting Files
permissions
changing user file permissionsindex iconHow to Set a More Restrictive umask Value for Regular Users
permissive security policy
components ofindex iconBasics of User and Process Rights
creatingindex iconExpanding Users' Rights
permitted privilege setindex iconHow Privileges Are Implemented
pfbash commandindex iconRights Administration Commands
pfedit command
index iconRights Administration Commands
index iconEditing a System File
pfexec command
index iconRights Administration Commands
index iconUsing Your Assigned Administrative Rights
planning
ARMOR role useindex iconFollowing Your Chosen Rights Model
rights model useindex iconFollowing Your Chosen Rights Model
use of rightsindex iconFollowing Your Chosen Rights Model
plus sign (+)
keyword modifierindex iconModifying a Role's Rights
policy.conf file
descriptionindex iconpolicy.conf File
keywords
for authenticated rights profilesindex iconpolicy.conf File
for authorizationsindex iconpolicy.conf File
for privileges
index iconFiles That Contain Privilege Information
index iconpolicy.conf File
for rights profilesindex iconpolicy.conf File
for workstation ownerindex iconpolicy.conf File
ports
protecting with extended privilegesindex iconHow to Apply Extended Privilege Policy to a Port
power management
configuringindex iconHow to Remove Power Management Capability From Users
powers  Seeindex iconrights
ppriv command
index iconCommands for Handling Privileges
index iconListing the Privileges in Your Current Shell
index iconListing Privileges
–eD option
index iconHow to Determine Which Privileges a Program Requires
index iconHow to Run a Shell Script With Privileged Commands
–r optionindex iconUsers Locking Down the Applications That They Run
–s optionindex iconProtecting Directories on Your System From Application Processes
predefined roles
ARMOR standard
index iconUsing ARMOR Roles
index iconUser and Process Rights Provide an Alternative to the Superuser Model
planning use ofindex iconFollowing Your Chosen Rights Model
principle of least privilegeindex iconPrivileges Protecting Kernel Processes
Printer Management rights profileindex iconRights Profiles Reference
priv.debug entry
syslog.conf fileindex iconFiles That Contain Privilege Information
PRIV_DEFAULT keyword
policy.conf fileindex iconpolicy.conf File
PRIV_LIMIT keyword
policy.conf file
index iconFiles That Contain Privilege Information
index iconpolicy.conf File
PRIV_PFEXEC flagindex iconDetermining Whether You Are Using a Profile Shell
PRIV_PROC_LOCK_MEMORY privilegeindex iconPrivileges and Resource Management
PRIV_XPOLICY flagindex iconHow to Lock Down the MySQL Service
privilege checkingindex iconApplications That Check for Privileges
privilege sets
adding privileges to
index iconAssigning Privileges Directly to a User
index iconAssigning Privileges Directly to a Role
index iconExpanding a User or Role's Privileges
basic
index iconHow to Troubleshoot Rights Assignments
index iconListing the Basic Privileges and Their Definitions
index iconHow Privileges Are Implemented
effectiveindex iconHow Privileges Are Implemented
inheritableindex iconHow Privileges Are Implemented
limit
index iconHow to Troubleshoot Rights Assignments
index iconHow Privileges Are Implemented
listing
index iconListing Privileges That Are Used in Privilege Assignment
index iconHow Privileges Are Implemented
permittedindex iconHow Privileges Are Implemented
removing privileges from
index iconCreating a Sun Ray Users Rights Profile
index iconRemoving Basic Privileges From a Rights Profile
index iconCreating a Remote Users Rights Profile
index iconRemoving a Basic Privilege From Yourself
index iconUsing Extended Privilege Policy to Restrict Privilege Use
index iconRestricting Privileges for a User or Role
privileged application
authorization checkingindex iconApplications That Check Authorizations
checking for security attributesindex iconApplications That Check for Rights
descriptionindex iconBasics of User and Process Rights
ID checkingindex iconApplications That Check UIDs and GIDs
privilege checkingindex iconApplications That Check for Privileges
privileged users  Seeindex icontrusted users
privileges
adding to command in rights profileindex iconCreating a Rights Profile That Includes Privileged Commands
assigning
to a commandindex iconAssigning Privileges to Users and Processes
to a scriptindex iconAssigning Privileges to a Script
to a userindex iconAssigning Privileges to Users and Processes
to Apache HTTP Serverindex iconHow to Assign Specific Privileges to the Apache HTTP Server
to MySQL databaseindex iconHow to Lock Down the MySQL Service
to roleindex iconAssigning Privileges Directly to a Role
to userindex iconAssigning Privileges Directly to a User
auditing andindex iconPrivileged Actions in the Audit Record
categoriesindex iconPrivilege Descriptions
checking in applicationsindex iconApplications That Check for Privileges
commandsindex iconCommands for Handling Privileges
compared to authorizations
index iconMore About User Authorizations
index iconBasics of User and Process Rights
compared to superuser modelindex iconProcess Rights Management
dax_accessindex iconWhat's New in Rights in Oracle Solaris 11.3
debugging
index iconFiles That Contain Privilege Information
index iconDebugging Use of Privilege
description
index iconPrivilege Descriptions
index iconPrivilege Descriptions
index iconBasics of User and Process Rights
devices andindex iconPrivileges and Devices
differences from superuser modelindex iconAdministrative Differences on a System With Privileges
escalation prevention at user levelindex iconPrivilege Escalation and User Rights
escalation prevention in kernelindex iconPrivilege Escalation and Kernel Privileges
expanding user or role'sindex iconExpanding a User or Role's Privileges
extended privilege policy
index iconUsing Extended Privilege Policy to Restrict Privilege Use
index iconExpanding a User or Role's Privileges
filesindex iconFiles That Contain Privilege Information
finding missingindex iconUsing the ppriv Command to Examine Privilege Use in a Profile Shell
implemented in setsindex iconHow Privileges Are Implemented
inherited by processesindex iconHow Processes Get Privileges
legacy applications and
index iconAssigning Security Attributes to a Legacy Application
index iconLegacy Applications and the Use of Privileges
limiting usersindex iconHow to Remove Unneeded Basic Privileges From Users
listing on a processindex iconListing the Privileges in Your Current Shell
PRIV_PROC_LOCK_MEMORYindex iconPrivileges and Resource Management
processes with assigned privilegesindex iconHow Processes Get Privileges
programs aware of privilegesindex iconHow Processes Get Privileges
protecting kernel processesindex iconPrivileges Protecting Kernel Processes
removing
basic privilegeindex iconRemoving Basic Privileges From a Rights Profile
basic privilege from your processindex iconRemoving a Basic Privilege From Yourself
from a rights profileindex iconRemoving Basic Privileges From a Rights Profile
from a userindex iconRestricting Privileges for a User or Role
from a user's limit setindex iconRemoving Privileges From a User's Limit Set
from yourselfindex iconRemoving a Basic Privilege From Yourself
removing basicindex iconHow to Remove Unneeded Basic Privileges From Users
troubleshooting
lack ofindex iconHow to Determine Which Privileges a Program Requires
user assignmentindex iconHow to Troubleshoot Rights Assignments
using in shell scriptindex iconHow to Run a Shell Script With Privileged Commands
privileges keyword
listingindex iconListing Privileges
PROC privileges
descriptionindex iconPrivilege Descriptions
proc_ownerindex iconPrivileges and Devices
process privilegesindex iconPrivilege Descriptions
process rights management  Seeindex iconprivileges, rights
prof_attr databaseindex iconprof_attr Database
summaryindex iconRights Databases
profile shells
assigning to usersindex iconCreating a Login for a Trusted User
descriptionindex iconProfile Shells and Rights Verification
determining if PRIV_PFEXEC flag is setindex iconDetermining Whether You Are Using a Profile Shell
login shells for trusted usersindex iconCreating a Trusted User to Administer DHCP
openingindex iconUsing Your Assigned Administrative Rights
reading exacct network filesindex iconEnabling a Trusted User to Read Extended Accounting Files
restricting rightsindex iconRestricting an Administrator to Explicitly Assigned Rights
profiles  Seeindex iconrights profiles
profiles command
creating rights profilesindex iconHow to Create a Rights Profile
descriptionindex iconRights Administration Commands
listing user's authenticated rights profilesindex iconListing Rights Profiles
listing user's rights profilesindex iconListing Rights and Their Definitions
useindex iconListing Rights Profiles
profiles keyword
descriptionindex iconuser_attr Database
listingindex iconListing Rights Profiles
PROFS_GRANTED keyword
policy.conf fileindex iconpolicy.conf File
programs  Seeindex iconapplications
project.max-locked-memory resource controlindex iconPrivileges and Resource Management
pwhash commandindex iconWhat's New in Rights in Oracle Solaris 11.3

Q

qualified user attributes
descriptionindex iconAbout Qualified User Attributes
overviewindex iconBasics of User and Process Rights
qualifier attribute
listingindex iconListing Qualified Attributes
user_attr databaseindex iconuser_attr Database

R

–R option
useradd commandindex iconRights Administration Commands
removing
basic privilege from application
index iconUsers Locking Down the Applications That They Run
index iconHow to Lock Down the MySQL Service
basic privilege from rights profileindex iconRemoving Basic Privileges From a Rights Profile
basic privilege from yourselfindex iconRemoving a Basic Privilege From Yourself
basic privileges from a rights profileindex iconRemoving Basic Privileges From a Rights Profile
limit privilege from userindex iconRemoving Privileges From a User's Limit Set
power management capability from usersindex iconHow to Remove Power Management Capability From Users
privileges from a userindex iconHow to Remove Unneeded Basic Privileges From Users
role assignmentsindex iconHow to Change the root Role Into a User
users' rightsindex iconRestricting Users' Rights
replacing
keyword values
index iconRequiring a User to Type Password Before Administering DHCP
index iconModifying a Role's Rights
root role with root userindex iconHow to Change the root Role Into a User
root user with root roleindex iconChanging the root User Into the root Role
superuser with rolesindex iconFollowing Your Chosen Rights Model
resource controls
privileges, andindex iconPrivileges and Resource Management
project.max-locked-memoryindex iconPrivileges and Resource Management
zone.max-locked-memoryindex iconPrivileges and Resource Management
restricted files
enabling read access toindex iconEnabling a Trusted User to Read Extended Accounting Files
enabling write access to
index iconCloning and Enhancing the Network IPsec Management Rights Profile
index iconEditing a System File
restricting
access to computer by time and dayindex iconBasics of User and Process Rights
database privilegesindex iconHow to Lock Down the MySQL Service
editor of guest userindex iconPreventing Guests From Spawning Editor Subprocesses
guest access to systemindex iconAssigning the Editor Restrictions Rights Profile to All Users
login attemptsindex iconRestricting Users' Rights
port privilegesindex iconHow to Apply Extended Privilege Policy to a Port
rights in a rights profile
index iconCreating a Sun Ray Users Rights Profile
index iconRemoving Basic Privileges From a Rights Profile
index iconCreating a Remote Users Rights Profile
user control of hardwareindex iconHow to Remove Power Management Capability From Users
user file permissionsindex iconHow to Set a More Restrictive umask Value for Regular Users
web server privilegesindex iconHow to Assign Specific Privileges to the Apache HTTP Server
restrictive security policy
components ofindex iconBasics of User and Process Rights
creatingindex iconRestricting Users' Rights
enforcingindex iconLocking Down Resources by Using Extended Privileges
RETRIES keywordindex iconHow to Set Account Locking for Regular Users
rights  See Alsoindex iconauthorizations, privileges, rights profiles, roles
access_times keywordindex iconBasics of User and Process Rights
access_tz keywordindex iconBasics of User and Process Rights
account lockingindex iconRestricting Users' Rights
adding privileged usersindex iconCreating a Trusted User to Administer DHCP
administration commandsindex iconCommands That Manage Authorizations, Rights Profiles, and Roles
assigningindex iconExpanding Users' Rights
authenticated rights profilesindex iconRequiring a User to Type Password Before Administering DHCP
to restrict usersindex iconRestricting Users' Rights
to usersindex iconAssigning Rights to Users
auditing use ofindex iconAuditing Administrative Actions
authorization databaseindex iconauth_attr Database
authorizationsindex iconMore About User Authorizations
basic conceptsindex iconBasics of User and Process Rights
changing role passwords
index iconChanging a Role Password
index iconCreating a Role
checking for
index iconApplications That Check UIDs and GIDs
index iconRights Verification
checking scripts or programs for authorizationsindex iconChecking for Authorizations in a Script or Program
commands forindex iconCommands for Administering Rights
commands for managingindex iconCommands That Manage Authorizations, Rights Profiles, and Roles
compared to superuser modelindex iconUser and Process Rights Provide an Alternative to the Superuser Model
configuring
index iconRestricting Users' Rights
index iconExpanding Users' Rights
considerations when directly assigningindex iconConsiderations When Assigning Rights
creating authorizationsindex iconHow to Create an Authorization
creating rights profilesindex iconCreating Rights Profiles and Authorizations
databasesindex iconRights Databases
defaultsindex iconListing Rights and Their Definitions
elementsindex iconBasics of User and Process Rights
expanding usersindex iconExpanding Users' Rights
gaining administrativeindex iconUsing Your Assigned Administrative Rights
limiting login attemptsindex iconRestricting Users' Rights
listing allindex iconListing Rights and Their Definitions
modifying rolesindex iconCreating a Role
naming services andindex iconRights Databases and the Naming Services
Network Security rights profileindex iconExample of a User Rights and Process Rights Assignment
new features in this releaseindex iconWhat's New in Rights in Oracle Solaris 11.3
order of searchindex iconOrder of Search for Assigned Rights
planning use ofindex iconFollowing Your Chosen Rights Model
privileges on commandsindex iconApplications That Check for Privileges
profile shellsindex iconProfile Shells and Rights Verification
reading exacct network files
index iconEnabling a Trusted User to Read Extended Accounting Files
index iconEnabling a Trusted User to Read Extended Accounting Files
recommended rolesindex iconUser and Process Rights Provide an Alternative to the Superuser Model
removing from usersindex iconRestricting Users' Rights
restricting administrator to explicitly assignedindex iconRestricting an Administrator to Explicitly Assigned Rights
restricting rightsindex iconRestricting an Administrator to Explicitly Assigned Rights
restricting users to specific times of accessindex iconBasics of User and Process Rights
restricting users'index iconRestricting Users' Rights
rights profile databaseindex iconprof_attr Database
rights profilesindex iconMore About Rights Profiles
search orderindex iconOrder of Search for Assigned Rights
securing scriptsindex iconAssigning Rights to Applications and Scripts
security considerations when assigningindex iconSecurity Considerations When Assigning Rights
special ID on commandsindex iconApplications That Check UIDs and GIDs
troubleshootingindex iconHow to Troubleshoot Rights Assignments
usability considerations when assigningindex iconUsability Considerations When Assigning Rights
using user password to assume role
index iconHow to Reorder Assigned Rights
index iconEnabling a User to Use Own Password for Role Password
viewing allindex iconListing Rights and Their Definitions
viewing yourindex iconListing Rights and Their Definitions
rights management  Seeindex iconprivileges, rights
rights profiles
adding privileges to commandindex iconCreating a Rights Profile That Includes Privileged Commands
adding solaris.admin.edit authorizationindex iconCloning and Enhancing the Network IPsec Management Rights Profile
Allindex iconRights Profiles Reference
assigning
to usersindex iconCreating a Trusted User to Administer DHCP
assigning to trusted usersindex iconDistribution of Rights
authenticating with user's password
index iconAssigning Rights Profiles in a Specific Order
index iconModifying a Rights Profile to Enable a User to Use Own Password for Role Password
Basic Solaris Userindex iconRights Profiles Reference
changing contents ofindex iconCreating Rights Profiles and Authorizations
cloning contents ofindex iconHow to Clone and Modify a System Rights Profile
compared to rolesindex iconMore About Roles
Console User
index iconRights Profiles Reference
index iconHow to Remove Power Management Capability From Users
index iconHow to Remove Power Management Capability From Users
index iconOrder of Search for Assigned Rights
contents of typicalindex iconRights Profiles Reference
creatingindex iconHow to Create a Rights Profile
creating and assigning
index iconHow to Remove Unneeded Basic Privileges From Users
index iconHow to Set Account Locking for Regular Users
creating for remote usersindex iconCreating a Remote Users Rights Profile
creating for Sun Ray usersindex iconCreating a Sun Ray Users Rights Profile
databases  Seeindex iconexec_attr database, prof_attr database
description
index iconMore About Rights Profiles
index iconBasics of User and Process Rights
Extended Accounting Net Managementindex iconEnabling a Trusted User to Read Extended Accounting Files
first in listindex iconAdding a Rights Profile as the Role's First Rights Profile
major rights profiles descriptionsindex iconRights Profiles Reference
modifyingindex iconCreating Rights Profiles and Authorizations
Network IPsec Managementindex iconCloning and Enhancing the Network IPsec Management Rights Profile
Object Access Managementindex iconHow Processes Get Privileges
Operatorindex iconRights Profiles Reference
order of searchindex iconOrder of Search for Assigned Rights
preventing privilege escalation
index iconPrivilege Escalation and User Rights
index iconDistribution of Rights
Printer Managementindex iconRights Profiles Reference
removing authorizationsindex iconCloning and Removing Selected Rights From a Rights Profile
restricting basic privilegesindex iconRemoving Basic Privileges From a Rights Profile
restricting rights of all users of a systemindex iconModifying the policy.conf File to Limit the Rights Available to System Users
Stop
index iconRights Profiles Reference
index iconOrder of Search for Assigned Rights
System Administratorindex iconRights Profiles Reference
third-party applicationsindex iconCreating a Rights Profile for Administrators of a Third-Party Application
troubleshootingindex iconHow to Troubleshoot Rights Assignments
viewing contentsindex iconViewing the Contents of Rights Profiles
VSCAN Managementindex iconCloning and Removing Selected Rights From a Rights Profile
role-based access control (RBAC)  Seeindex iconrights
roleadd command
authorizations required forindex iconCommands and Associated Authorizations
description
index iconRights Administration Commands
index iconRights Administration Commands
example of usingindex iconCreating and Assigning a Role to Administer Cryptographic Services
–P optionindex iconCaching Authentication for Ease of Role Use
–s optionindex iconCreating a User Administrator Role in the LDAP Repository
–S optionindex iconCreating a User Administrator Role in the LDAP Repository
roleauth keyword
example of using
index iconChanging the Value of roleauth for a Role in the LDAP Repository
index iconEnabling a User to Use Own Password for Role Password
index iconEnabling Users to Use Own Password for Role Password
passwords for roles
index iconHow to Reorder Assigned Rights
index iconEnabling a User to Use Own Password for Role Password
useindex iconCaching Authentication for Ease of Role Use
roledel command
authorizations required forindex iconCommands and Associated Authorizations
example of usingindex iconDeleting a Role
rolemod command
assigning rights to a roleindex iconReplacing a Local Role's Assigned Profiles
authorizations required forindex iconCommands and Associated Authorizations
changing rights of roleindex iconReplacing a Local Role's Assigned Profiles
descriptionindex iconRights Administration Commands
example of using
index iconEnabling a User to Use Own Password for Role Password
index iconEnabling Users to Use Own Password for Role Password
–K optionindex iconHow to Change the root Role Into a User
passwords for roles
index iconHow to Reorder Assigned Rights
index iconEnabling a User to Use Own Password for Role Password
roles
ARMORindex iconUser and Process Rights Provide an Alternative to the Superuser Model
assigning
privileges toindex iconAssigning Privileges Directly to a Role
rightsindex iconAssigning Rights to Users
with usermod commandindex iconCreating a Role
assuming
after loginindex iconMore About Roles
ARMORindex iconAssuming an ARMOR Role
in a terminal window
index iconAssuming an ARMOR Role
index iconProfile Shells and Rights Verification
root roleindex iconAssuming the root Role
to use assigned rightsindex iconUsing Your Assigned Administrative Rights
auditingindex iconAuditing Administrative Actions
authenticating with user's password
index iconHow to Reorder Assigned Rights
index iconEnabling a User to Use Own Password for Role Password
changing password of
index iconChanging a Role Password
index iconCreating a Role
changing properties ofindex iconCreating a Role
compared to rights profilesindex iconMore About Roles
configured like sudoindex iconCreating a Role That Requires the User's Password
creatingindex iconAssigning Rights to Users
creating ARMORindex iconUsing ARMOR Roles
creating for administrative accountsindex iconCreating a Role for an Application Administrator
deletingindex iconDeleting a Role
descriptionindex iconMore About Roles
determining directly assigned privilegesindex iconAdding to a Role's Basic Privileges
determining role's privileged commandsindex iconDetermining the Privileged Commands of a Role
listing local roles
index iconRights Administration Commands
index iconAssuming an ARMOR Role
making root role into userindex iconChanging Whether root Is a User or a Role
modifyingindex iconCreating a Role
planning predefinedindex iconFollowing Your Chosen Rights Model
predefined
index iconUsing ARMOR Roles
index iconUser and Process Rights Provide an Alternative to the Superuser Model
removing assignment from usersindex iconHow to Change the root Role Into a User
separation of duty
index iconUsing Two Roles to Configure Auditing
index iconCreating Roles for Separation of Duty
summaryindex iconBasics of User and Process Rights
use in user rights assignmentindex iconUser and Process Rights Provide an Alternative to the Superuser Model
using an assigned roleindex iconAssuming an ARMOR Role
using user password
index iconModifying a Rights Profile to Enable a User to Use Own Password for Role Password
index iconExample of a User Rights and Process Rights Assignment
with user passwordsindex iconCreating a Role That Requires the User's Password
roles command
descriptionindex iconRights Administration Commands
usingindex iconAssuming an ARMOR Role
roles keyword
listingindex iconListing Roles
root role
assuming roleindex iconAssuming the root Role
changing from root userindex iconChanging the root User Into the root Role
changing to root userindex iconChanging Whether root Is a User or a Role
created at installationindex iconDistribution of Rights
descriptionindex iconDistribution of Rights
overriding password constraintsindex iconOverriding the Password Requirements for an Account
secure remote loginindex iconChanging Whether root Is a User or a Role
troubleshootingindex iconPreventing the root Role From Being Used to Maintain a System
root user
changing into root roleindex iconChanging the root User Into the root Role
replacing in rights modelindex iconMore About Roles

S

applications
protecting administrative accountsindex iconCreating a Role for an Application Administrator
–S option
profiles commandindex iconCreating a Sun Ray Users Rights Profile
scope of assigned rightsindex iconName Service Scope and Rights Verification
scripts
checking for authorizationsindex iconChecking for Authorizations in a Script or Program
for extended accountingindex iconEnabling a Trusted User to Read Extended Accounting Files
Perl scriptsindex iconEnabling a Trusted User to Read Extended Accounting Files
running with privilegesindex iconAssigning Privileges to a Script
securingindex iconAssigning Rights to Applications and Scripts
use of privileges inindex iconHow to Run a Shell Script With Privileged Commands
security attributes  See Alsoindex iconrights
descriptionindex iconBasics of User and Process Rights
qualified
index iconAbout Qualified User Attributes
index iconBasics of User and Process Rights
security policy
default rightsindex iconRights Databases
restrictive and permissiveindex iconBasics of User and Process Rights
security properties  Seeindex iconrights
sendmail command
authorizations required forindex iconCommands and Associated Authorizations
separation of duty
security and non-security rolesindex iconCreating Roles for Separation of Duty
two roles to handle auditingindex iconUsing Two Roles to Configure Auditing
shell commands
passing parent shell process numberindex iconListing the Privileges in Your Current Shell
shells
determining if privilegedindex iconDetermining Whether You Are Using a Profile Shell
listing privileges on processindex iconListing the Privileges in Your Current Shell
privileged versionsindex iconProfile Shells and Rights Verification
troubleshooting if profileindex iconHow to Troubleshoot Rights Assignments
usability considerationsindex iconUsability Considerations When Assigning Rights
writing privileged scriptsindex iconHow to Run a Shell Script With Privileged Commands
smart cardsindex iconWhat's New in Rights in Oracle Solaris 11.3
solaris.*.assign authorizations
preventing privilege escalationindex iconPrivilege Escalation and User Rights
solaris.admin.edit authorization
adding to rights profileindex iconCloning and Enhancing the Network IPsec Management Rights Profile
solaris.smf.value authorization
removing from rights profileindex iconCloning and Removing Selected Rights From a Rights Profile
Stop rights profileindex iconRights Profiles Reference
su command
becoming rootindex iconHow to Change the root Role Into a User
changing to a roleindex iconCreating and Assigning a Role to Administer Cryptographic Services
in role assumptionindex iconAssuming an ARMOR Role
subshells
restricting editing rightsindex iconPreventing Guests From Spawning Editor Subprocesses
sudo
roles configured likeindex iconCreating a Role That Requires the User's Password
sudo command
using in Oracle Solaris
index iconUsing Your Assigned Administrative Rights
index iconDeciding Which Rights Model to Use for Administration
superuser
compared to rights model
index iconProcess Rights Management
index iconUser and Process Rights Provide an Alternative to the Superuser Model
differences from rights modelindex iconAdministrative Differences on a System With Privileges
eliminating by delegating rightsindex iconMore About Roles
troubleshooting becoming root as a roleindex iconPreventing the root Role From Being Used to Maintain a System
svc:/application/database/mysql:version_55index iconHow to Lock Down the MySQL Service
svc:/network/http:Apache2index iconHow to Assign Specific Privileges to the Apache HTTP Server
svc:/system/name-service/switch
index iconHow to Troubleshoot Rights Assignments
index iconName Service Scope and Rights Verification
svccfg command
–s option
index iconHow to Troubleshoot Rights Assignments
index iconHow to Assign Specific Privileges to the Apache HTTP Server
svcprop command
–s optionindex iconHow to Lock Down the MySQL Service
SYS privilegesindex iconPrivilege Descriptions
syslog.conf fileindex iconFiles That Contain Privilege Information
System Administrator rights profile
assigning to roleindex iconDistribution of Rights
descriptionindex iconRights Profiles Reference
system properties
privileges relating toindex iconPrivilege Descriptions
system security
privilegesindex iconProcess Rights Management
using rightsindex iconUser and Process Rights Provide an Alternative to the Superuser Model
System V IPC privilegesindex iconPrivilege Descriptions

T

third-party applications
creating rights profiles forindex iconCreating a Rights Profile for Administrators of a Third-Party Application
troubleshooting
assigning passwords for cron jobsindex iconUsing the openldap System Account to Run a cron Job
failed use of privilegeindex iconHow to Determine Which Privileges a Program Requires
lack of privilegeindex iconHow to Determine Which Privileges a Program Requires
non-UNIX passwordsindex iconUsing the openldap System Account to Run a cron Job
privilege requirementsindex iconHow to Determine Which Privileges a Program Requires
rightsindex iconHow to Troubleshoot Rights Assignments
rights assignmentsindex iconHow to Troubleshoot Rights Assignments
root as a roleindex iconPreventing the root Role From Being Used to Maintain a System
user running privileged commandsindex iconHow to Troubleshoot Rights Assignments
user running privileged shellindex iconDetermining Whether You Are Using a Profile Shell
truss -t command
for privilege debuggingindex iconUsing the truss Command to Examine Privilege Use
trusted users
assigning extended privileges toindex iconEnabling a Trusted User to Read Extended Accounting Files
assigning roles to
index iconAdding a Role to a User
index iconUsing ARMOR Roles
creating
index iconExpanding Users' Rights
index iconCreating a Role
profile shell as login shellindex iconCreating a Trusted User to Administer DHCP

U

–U option
list_devices commandindex iconCommands and Associated Authorizations
umask value, making more restrictiveindex iconHow to Set a More Restrictive umask Value for Regular Users
unlocking user accountindex iconHow to Set Account Locking for Regular Users
user procedures
assuming a roleindex iconAssuming an ARMOR Role
protecting own files from application accessindex iconUsers Locking Down the Applications That They Run
using an assigned roleindex iconAssuming an ARMOR Role
using extended privilegesindex iconUsers Locking Down the Applications That They Run
user_attr database
index iconuser_attr Database
index iconRights Databases
useradd command
authorizations required forindex iconCommands and Associated Authorizations
descriptionindex iconRights Administration Commands
example of usingindex iconCreating a Login for a Trusted User
userattr command
descriptionindex iconRights Administration Commands
use
index iconHow to Troubleshoot Rights Assignments
index iconPreventing the root Role From Being Used to Maintain a System
index iconRemoving Privileges From a User's Limit Set
userdel command
authorizations required forindex iconCommands and Associated Authorizations
descriptionindex iconRights Administration Commands
usermod command
authorizations required forindex iconCommands and Associated Authorizations
descriptionindex iconRights Administration Commands
–R option
index iconChanging the root User Into the root Role
index iconCaching Authentication for Ease of Role Use
using to assign roleindex iconCreating a Role
users
assigning
authenticated rights profilesindex iconRequiring a User to Type Password Before Administering DHCP
privileges toindex iconAssigning Privileges Directly to a User
rightsindex iconAssigning Rights to Users
rights defaultsindex iconpolicy.conf File
rights profilesindex iconCreating a Trusted User to Administer DHCP
authenticating to rights profile
index iconAssigning Rights Profiles in a Specific Order
index iconModifying a Rights Profile to Enable a User to Use Own Password for Role Password
authenticating to role
index iconHow to Reorder Assigned Rights
index iconEnabling a User to Use Own Password for Role Password
basic privilege setindex iconHow Privileges Are Implemented
creating root userindex iconHow to Change the root Role Into a User
creating with useradd commandindex iconCreating a Role
determining hosts where attributes are validindex iconListing Qualified Attributes
determining if running a profile shellindex iconDetermining Whether You Are Using a Profile Shell
determining own privileged commandsindex iconListing Privileges
expanding rightsindex iconExpanding Users' Rights
file permissions
restrictingindex iconHow to Set a More Restrictive umask Value for Regular Users
guest restrictionsindex iconPreventing Guests From Spawning Editor Subprocesses
initial inheritable privilegesindex iconHow Privileges Are Implemented
locking accountindex iconHow to Set Account Locking for Regular Users
managing third-party accountsindex iconCreating a Rights Profile for Administrators of a Third-Party Application
protecting their files from access by applicationsindex iconUsers Locking Down the Applications That They Run
protecting their files from web application accessindex iconUsers Locking Down the Applications That They Run
removing basic privilegesindex iconHow to Remove Unneeded Basic Privileges From Users
removing rightsindex iconRestricting Users' Rights
requiring use of one-time passwordindex iconRestricting Users' Rights
restricting control of hardwareindex iconHow to Remove Power Management Capability From Users
restricting file permissionsindex iconHow to Set a More Restrictive umask Value for Regular Users
troubleshooting running privileged commandsindex iconHow to Troubleshoot Rights Assignments
umask valueindex iconHow to Set a More Restrictive umask Value for Regular Users
unlocking accounts ofindex iconHow to Set Account Locking for Regular Users
using rights profile
index iconAssigning Rights Profiles in a Specific Order
index iconModifying a Rights Profile to Enable a User to Use Own Password for Role Password
using
auths commandindex iconHow to Create an Authorization
getent command
index iconListing Privileges
index iconListing the Contents of the Rights Profiles Database
index iconListing the Content of the Authorizations Database
index iconChanging the root User Into the root Role
ipadm set-prop commandindex iconHow to Lock Down the MySQL Service
ppriv command
index iconListing the Privileges in Your Current Shell
index iconListing the Privileges in Your Current Shell
profiles command
index iconModifying a Rights Profile to Enable a User to Use Own Password for Role Password
index iconCreating and Assigning a Role to Administer Cryptographic Services
rights defaultsindex iconListing Rights and Their Definitions
rolemod commandindex iconAssigning Privileges Directly to a Role
roles commandindex iconListing Your Assigned Roles
sudo commandindex iconDeciding Which Rights Model to Use for Administration
svccfg command
index iconHow to Troubleshoot Rights Assignments
index iconHow to Apply Extended Privilege Policy to a Port
svcprop commandindex iconHow to Lock Down the MySQL Service
truss commandindex iconUsing the truss Command to Examine Privilege Use
usermod commandindex iconAssigning Privileges Directly to a User
your assigned administrative rightsindex iconUsing Your Assigned Administrative Rights

V

viewing
contents of rights profilesindex iconViewing the Contents of Rights Profiles
directly assigned privilegesindex iconAssigning Privileges Directly to a User
privileges in a shell
index iconListing the Privileges in Your Current Shell
index iconAdding to a Role's Basic Privileges
privileges on a processindex iconListing the Privileges in Your Current Shell
rights of initial userindex iconListing Rights and Their Definitions
your rightsindex iconListing Rights and Their Definitions
VSCAN Management rights profile
cloning to modifyindex iconCloning and Removing Selected Rights From a Rights Profile

W

web browsers
assigning limited privilegesindex iconRunning a Browser in a Protected Environment
web servers
Apache HTTP Serverindex iconHow to Assign Specific Privileges to the Apache HTTP Server
checking protectionsindex iconHow to Determine Which Privileges the Apache HTTP Server Is Using
protecting with extended privilegesindex iconHow to Assign Specific Privileges to the Apache HTTP Server
wildcard characters
in authorizationsindex iconAuthorization Naming Conventions

Z

zone.max-locked-memory resource controlindex iconPrivileges and Resource Management
Copyright © 2002, 2018, Oracle and/or its affiliates. All rights reserved. 
Previous