Go to main content

Securing Users and Processes in Oracle® Solaris 11.3

Exit Print View

Updated: September 2018
 
 

Considerations When Assigning Rights

Security and usability issues can affect how administrators assign rights.

Security Considerations When Assigning Rights

    Typically, users or roles obtain administrative rights through a rights profile, but direct assignment of rights is also possible.

  • Privileges can be assigned directly to users and roles.

    Direct assignment of privileges is not a secure practice. Users and roles with a directly assigned privilege can override security policy wherever this privilege is required by the kernel. Also, malicious processes that compromise a user or role's process can use this privilege wherever it is required by the kernel.

    A more secure practice is to assign the privilege as a security attribute of a command in a rights profile. Then, that privilege is available only for that command by someone who has that rights profile.

  • Authorizations can be assigned directly to users and roles.

    Because authorizations are evaluated at the user level, direct assignment of authorizations can be less dangerous than direct assignment of privileges. However, authorizations can enable a user to perform highly secure tasks, such as assigning audit flags. For greater security, assign authorizations in an authenticated rights profile where the user must supply a password before the command can execute.

Usability Considerations When Assigning Rights

    Direct assignment of rights can affect usability.

  • Directly assigned authorizations and the commands and authorizations in a user's rights profile must be interpreted by a profile shell to be effective. By default, users are not assigned a profile shell. Therefore, users must remember to open a profile shell and execute the commands in that shell.

  • Singly assigning authorizations is not scalable. Also, directly assigned authorizations might not be sufficient to perform a task. The task might require privileged commands.

    Rights profiles are designed to bundle authorizations and privileged commands together. They also scale well to groups of users.