Go to main content
Index
Numbers and Symbols
- $$ (double dollar sign)
- parent shell process number
Listing the Privileges in Your Current Shell
- removing basic privilege from your processRemoving a Basic Privilege From Yourself
- * (asterisk)
- checking for in authorizationsChecking for Authorizations in a Script or Program
- wildcard character
- in authorizationsAuthorization Naming Conventions
- + (plus sign)
- keyword modifierModifying a Role's Rights
- - (minus sign)
- keyword modifierModifying a Role's Rights
- . (dot)
- authorization name separatorAuthorization Naming Conventions
- {} (curly braces)
- extended privileges syntax
- How to Lock Down the MySQL Service
- How to Apply Extended Privilege Policy to a Port
- Enabling a Non-root Account to Read a root-Owned
File
- Enabling a Trusted User to Read Extended Accounting Files
A
- access
- controlling application access to specified directoriesUsers Locking Down the Applications That They Run
- enabling to labeled filesEnabling Access to Labeled Files
- enabling to restricted files
- Cloning and Enhancing the Network IPsec Management Rights Profile
- Editing a System File
- Enabling a Trusted User to Read Extended Accounting Files
- limiting port privilegesHow to Apply Extended Privilege Policy to a Port
- restricting by labelAbout Access to Labeled Files
- restricting guest access to systemAssigning the Editor Restrictions Rights Profile to All Users
- to labeled filesEnabling Access to Labeled Files
- access_times keyword
- user_attr Database
- Basics of User and Process Rights
- access_tz keyword
- user_attr Database
- Basics of User and Process Rights
- accessing
- labeled file systemsHow to Verify User Access to Labeled Files
- persistent sandboxesPreparing for Persistent Sandboxes
- account locking
- Modifying Rights System-Wide As SMF Properties
- Restricting Users' Rights
- account-policy
- SMF stencilaccount-policy SMF Stencil
- account-policy service
- enablingNew Feature – Enabling the account-policy Service
- replacing security attributes in files
- account-policy SMF Stencil
- New Feature – Enabling the account-policy Service
- Assigning Rights to Users
- Following Your Chosen Rights Model
- What's New in Rights in Oracle Solaris 11.4
- stencilsNew Feature – Enabling the account-policy Service
- account-policy SMF stencil
- SMF Stencil That Contains Privilege Information
- Commands for Handling Privileges
- Rights Administration Commands
- accounts
- locking and unlockingHow to Set Account Locking for Regular Users
- locking and unlocking system-wideHow to Set Account Locking for All Logins
- timed unlocking
- How to Set Account Locking for All Logins
- How to Set Account Locking for Regular Users
- adding
- auditing of privileged actionsAuditing Administrative Actions
- authorizations
- to rights profileAdding Authorizations to a Rights Profile
- to roleAssigning Authorizations to a Role
- to userAssigning Authorizations Directly to a User
- cryptomgt roleCreating and Assigning a Role to Administer Cryptographic Services
- extended privileges
- by usersUsers Locking Down the Applications That They Run
- to a databaseHow to Lock Down the MySQL Service
- to a portHow to Apply Extended Privilege Policy to a Port
- to a web serverHow to Assign Specific Privileges to the Apache HTTP Server
- new authorizationHow to Create an Authorization
- new rights profileCreating Rights Profiles and Authorizations
- new rights profile from existing oneHow to Clone and Modify a System Rights Profile
- privileges
- directly to roleAssigning Privileges Directly to a Role
- directly to userAssigning Privileges Directly to a User
- to command in rights profileCreating a Rights Profile That Includes Privileged Commands
- rights
- commands forCommands for Administering Rights
- to legacy applicationsRunning an Application With Assigned Rights
- to rights profileCreating Rights Profiles and Authorizations
- to rolesCreating a Role
- to usersExpanding Users' Rights
- rights profiles to list of profilesAdding a Rights Profile as the Role's First Rights Profile
- rolesAssigning Rights to Users
- security-related roleCreating and Assigning a Role to Administer Cryptographic Services
- set ID
- to legacy applicationsAssigning Security Attributes to a Legacy Application
- trusted usersCreating a Trusted User to Administer DHCP
- administering
- ARMOR rolesUsing ARMOR Roles
- authorizations
- How to Create an Authorization
- How to Create an Authorization
- extended privilege policyLocking Down Resources by Using Extended Privileges
- immutable zonesAdministering Immutable Zones
- rights
- authorizationsHow to Create an Authorization
- commands forCommands for Administering Rights
- instructionsUsing Your Assigned Administrative Rights
- legacy applications
- Running an Application With Assigned Rights
- Assigning Security Attributes to a Legacy Application
- of a role
- Enabling a User to Use Own Password for Role Password
- Changing a Role Password
- Creating a Role
- of a user
- Restricting Users' Rights
- Expanding Users' Rights
- of all usersModifying Rights System-Wide As SMF Properties
- rights profilesCreating Rights Profiles and Authorizations
- rolesHow to Reorder Assigned Rights
- rights profiles
- Assigning Rights Profiles in a Specific Order
- Creating Rights Profiles and Authorizations
- Modifying a Rights Profile to Enable a User to Use Own Password for Role
Password
- role password
- Changing a Role Password
- Creating a Role
- roles to replace superuserFollowing Your Chosen Rights Model
- user password to assume role
- How to Reorder Assigned Rights
- Enabling a User to Use Own Password for Role Password
- without privilegesAdministrative Differences on a System With Privileges
- administrative accounts
- creating roles forCreating a Role for an Application Administrator
- administrators
- adding to users' rightsExpanding Users' Rights
- installing ARMOR packageUsing ARMOR Roles
- modifying all users' rightsModifying Rights System-Wide As SMF Properties
- restricting access to a databaseHow to Lock Down the MySQL Service
- restricting access to a portHow to Apply Extended Privilege Policy to a Port
- restricting rightsRestricting an Administrator to Explicitly Assigned Rights
- restricting users' rightsRestricting Users' Rights
- restricting web server privilegesHow to Assign Specific Privileges to the Apache HTTP Server
- All rights profileRights Profiles Reference
- allocate command
- authorizations required forCommands and Associated Authorizations
- ALTSHELL security attributeUser Environment Security Attributes in Files and SMF
- annotation keyword
- descriptionuser_attr Database
- ANNOTATION security attributeLogin Security Attributes in Files and SMF
- Apache HTTP Server
- assigning extended privilegesHow to Assign Specific Privileges to the Apache HTTP Server
- verifying use of privilegeHow to Determine Which Privileges the Apache HTTP Server Is Using
- applications
- Apache HTTP ServerHow to Assign Specific Privileges to the Apache HTTP Server
- assigning extended privilegesProtecting Directories on Your System From Application Processes
- assigning extended privileges to editorsPreventing Guests From Spawning Editor Subprocesses
- checking for authorizationsChecking for Authorizations in a Script or Program
- Firefox browserRunning a Browser in a Protected Environment
- legacy and privilegesLegacy Applications and the Use of Privileges
- limiting access to specified directoriesProtecting Directories on Your System From Application Processes
- MySQL databaseHow to Lock Down the MySQL Service
- preventing from spawning new processesPreventing Selected Applications From Spawning New Processes
- privilege-aware
- How Processes Get Privileges
- How Privileges Are Implemented
- ARMOR
- assigning roles to trusted usersUsing ARMOR Roles
- installing packageUsing ARMOR Roles
- introduction to standardUser and Process Rights Provide an Alternative to the Superuser Model
- planning use ofFollowing Your Chosen Rights Model
- assigning
- authorizations in a rights profileAdding Authorizations to a Rights Profile
- clearances
- to specific usersEnabling Access to Labeled Files
- privileges
- to commands in a rights profileCreating a Rights Profile That Includes Privileged Commands
- to commands in a scriptHow to Run a Shell Script With Privileged Commands
- to roleAssigning Privileges Directly to a Role
- to userAssigning Privileges Directly to a User
- profile shell as login shell
- Creating a Trusted User to Administer DHCP
- Creating a Login for a Trusted User
- rights
- securelySecurity Considerations When Assigning Rights
- to specific resourcesLocking Down Resources by Using Extended Privileges
- to usersUser and Process Rights Provide an Alternative to the Superuser Model
- usability considerationsUsability Considerations When Assigning Rights
- rights profile
- to a roleCreating a Role
- to a userCreating a Trusted User to Administer DHCP
- rights profiles
- How to Remove Unneeded Basic Privileges From Users
- How to Set Account Locking for Regular Users
- rights to users
- to all loginsModifying Rights System-Wide As SMF Properties
- to users
- Restricting Users' Rights
- Expanding Users' Rights
- role to a user locallyCreating a Role
- assuming role
- how toExpanding Users' Rights
- in a terminal windowAssuming an ARMOR Role
- rootAssuming the root Role
- when assignedUsing Your Assigned Administrative Rights
- asterisk (*)
- checking for in authorizationsChecking for Authorizations in a Script or Program
- wildcard character
- in authorizationsAuthorization Naming Conventions
- at command
- authorizations required forCommands and Associated Authorizations
- atq command
- authorizations required forCommands and Associated Authorizations
- Audit Configuration rights profile
- use ofAuditing Administrative Actions
- audit trail Seeaudit files
- audit command
- –s optionAuditing Administrative Actions
- audit_flags keyword
- descriptionuser_attr Database
- auditing
- privileges andPrivileged Actions in the Audit Record
- rolesAuditing Administrative Actions
- auth_attr database
- auth_attr Database
- Rights Databases
- auth_profiles keyword
- descriptionuser_attr Database
- example ofRequiring a User to Type Password Before Administering DHCP
- AUTH_PROFS_GRANTED keyword
- policy.conf filepolicy.conf File
- AUTH_PROFS_GRANTED security attributeUser Account Security Attributes in Files and SMF
- authenticated rights profiles
- assigningRequiring a User to Type Password Before Administering DHCP
- keyword in policy.conf filepolicy.conf File
- searched before rights profiles
- How to Troubleshoot Rights Assignments
- Order of Search for Assigned Rights
- authorizations See Alsorights
- adding to rights profileAdding Authorizations to a Rights Profile
- checking for wildcardsChecking for Authorizations in a Script or Program
- checking in privileged applicationApplications That Check Authorizations
- commands requiringSelected Commands That Require Authorizations
- compared to privileges
- More About User Authorizations
- Basics of User and Process Rights
- creating new onesHow to Create an Authorization
- database
- auth_attr Database
- Rights Databases
- delegatingDelegation Authority in Authorizations
- description
- Authorizations Reference
- More About User Authorizations
- Basics of User and Process Rights
- effect of misspellingHow to Troubleshoot Rights Assignments
- granularityAuthorization Naming Conventions
- listingListing Authorizations
- misspellingHow to Troubleshoot Rights Assignments
- naming conventionsAuthorization Naming Conventions
- preventing privilege escalationPrivilege Escalation and User Rights
- removing from rights profileCloning and Removing Selected Rights From a Rights Profile
- troubleshootingHow to Troubleshoot Rights Assignments
- auths command
- descriptionRights Administration Commands
- –t optionHow to Create an Authorization
- use
- Listing Authorizations
- How to Create an Authorization
- Checking for Authorizations in a Script or Program
- auths keyword
- description
- user_attr Database
- Adding Authorizations to a Rights Profile
- use
- Cloning and Removing Selected Rights From a Rights Profile
- Cloning and Enhancing the Network IPsec Management Rights Profile
- AUTHS_GRANTED keyword
- policy.conf filepolicy.conf File
- AUTHS_GRANTED security attributeUser Account Security Attributes in Files and SMF
- auto_unlock_time attributeHow to Set Account Locking for All Logins
B
- basic privilege setHow Privileges Are Implemented
- basic privileges
- limiting use by serviceHow to Lock Down the MySQL Service
- Basic Solaris User rights profileRights Profiles Reference
- browsers
- protecting user files with extended privilegesUsers Locking Down the Applications That They Run
C
- capabilities Seerights
- cdrw command
- authorizations required forCommands and Associated Authorizations
- changing
- password of role
- Changing a Role Password
- Creating a Role
- rights
- of a portHow to Apply Extended Privilege Policy to a Port
- of a scriptHow to Run a Shell Script With Privileged Commands
- of a web serverHow to Assign Specific Privileges to the Apache HTTP Server
- of an applicationAssigning Rights to Applications and Scripts
- of an editorPreventing Guests From Spawning Editor Subprocesses
- of FirefoxUsers Locking Down the Applications That They Run
- of roleCreating a Role
- to MySQL databaseHow to Lock Down the MySQL Service
- rights profile contentsCreating Rights Profiles and Authorizations
- root role into userChanging Whether root Is a User or a Role
- umask
- How to Set a More Restrictive umask Value for All Logins
- How to Set a More Restrictive umask Value for Regular
Users
- user file permissions
- How to Set a More Restrictive umask Value for All Logins
- How to Set a More Restrictive umask Value for Regular
Users
- CLEARANCE security attributeLogin Security Attributes in Files and SMF
- clearances
- assigning to specific usersEnabling Access to Labeled Files
- labels on processesAbout Access to Labeled Files
- user defaultAbout Access to Labeled Files
- cloning
- rights profile contentsHow to Clone and Modify a System Rights Profile
- commands
- determining user's privileged commandsListing Privileges
- determining user's qualified attributesListing Qualified Attributes
- for administering privilegesCommands for Handling Privileges
- rights administration commandsCommands That Manage Authorizations, Rights Profiles, and Roles
- that assign privilegesAssigning Privileges to Users and Processes
- that check for privilegesApplications That Check for Privileges
- components
- rights management, ofBasics of User and Process Rights
- config/etc_default_login stencil
- Modifying Logging Policy
- Modifying Login Policy
- Modifying Login Environment Variables
- config/etc_default_passwd stencilModifying Password Policy
- config/etc_default_su stencilModifying Logging Policy
- config/etc_security_policyconf stencilModifying System-Wide Privileges, Authorizations, and Rights Profiles
- configuring
- all usersModifying Rights System-Wide As SMF Properties
- authorizationsHow to Create an Authorization
- labeled file systemsConfiguring Users and Processes With Labels
- power managementHow to Remove Power Management Capability From Users
- privileged usersCreating a Trusted User to Administer DHCP
- protected databaseHow to Lock Down the MySQL Service
- protected portHow to Apply Extended Privilege Policy to a Port
- protected web serverHow to Assign Specific Privileges to the Apache HTTP Server
- protection of user files from applicationsUsers Locking Down the Applications That They Run
- restricted usersRestricting Users' Rights
- rights
- Restricting Users' Rights
- Expanding Users' Rights
- Following Your Chosen Rights Model
- rights for all loginsModifying Rights System-Wide As SMF Properties
- rights profilesCreating Rights Profiles and Authorizations
- roles
- Creating a Role
- Assigning Rights to Users
- root role as userChanging Whether root Is a User or a Role
- sandboxesConfiguring Sandboxes for Project Isolation
- trusted usersCreating a Role
- users who can access labeled filesEnabling Access to Labeled Files
- Console User rights profile
- Rights Profiles Reference
- How to Remove Power Management Capability From Users
- CONSOLE security attribute
- Logging and su Security Attributes in Files and SMF
- Login Security Attributes in Files and SMF
- CONSOLE_USER keyword
- policy.conf filepolicy.conf File
- CONSOLE_USER security attributeUser Account Security Attributes in Files and SMF
- creating
- ARMOR rolesUsing ARMOR Roles
- authorizationHow to Create an Authorization
- privileged usersCreating a Trusted User to Administer DHCP
- rights profiles
- Creating Rights Profiles and Authorizations
- Creating a Rights Profile for Administrators of a Third-Party Application
- rolesAssigning Rights to Users
- root userHow to Change the root Role Into a User
- crontab files
- authorizations required forCommands and Associated Authorizations
- CRYPT_ALGORITHMS_ALLOW security attributePassword Security Attributes in Files and SMF
- CRYPT_ALGORITHMS_DEPRECATE security attributePassword Security Attributes in Files and SMF
- CRYPT_DEFAULT security attributePassword Security Attributes in Files and SMF
- Crypto Management rights profile
- using in a roleCreating and Assigning a Role to Administer Cryptographic Services
- Cryptographic Framework
- administering with roleCreating and Assigning a Role to Administer Cryptographic Services
- curly braces ({})
- extended privileges syntax
- How to Lock Down the MySQL Service
- How to Apply Extended Privilege Policy to a Port
- Enabling a Non-root Account to Read a root-Owned
File
- Enabling a Trusted User to Read Extended Accounting Files
D
- daemons
- nscd (name service cache daemon)Rights Administration Commands
- running with privilegesVisible Differences Between a System With Privileges and a System Without Privileges
- data loss protection
- descriptionLabeling Processes for Data Loss Protection
- tasksConfiguring Users and Processes With Labels
- databases
- auth_attrauth_attr Database
- exec_attrexec_attr Database
- MySQLHow to Lock Down the MySQL Service
- prof_attrprof_attr Database
- protecting with extended privilegesHow to Lock Down the MySQL Service
- rightsRights Databases
- user_attruser_attr Database
- deallocate command
- authorizations required forCommands and Associated Authorizations
- default_privileges attributeModifying System-Wide Privileges, Authorizations, and Rights Profiles
- defaultpriv keywordHow to Remove Unneeded Basic Privileges From Users
- descriptionuser_attr Database
- defaults
- privileges settingsSMF Stencil That Contains Privilege Information
- delegating authorizationsDelegation Authority in Authorizations
- determining
- access to labeled filesHow to Verify User Access to Labeled Files
- Apache HTTP Server's privilegesHow to Determine Which Privileges the Apache HTTP Server Is Using
- privileges on a processListing the Privileges in Your Current Shell
- required privilegesHow to Determine Which Privileges a Program Requires
- rights, available or assignedListing Rights and Their Definitions
- which rights model to useDeciding Which Rights Model to Use for Administration
- devices
- rights model andPrivileges and Devices
- superuser model andPrivileges and Devices
- DICTIONDBDIR security attributePassword Security Attributes in Files and SMF
- DICTIONLIST security attributePassword Security Attributes in Files and SMF
- DICTIONMINWORDLENGTH security attributePassword Security Attributes in Files and SMF
- DISABLETIME security attributeLogin Security Attributes in Files and SMF
- displaying See Alsolisting
- roles you can assume
- Rights Administration Commands
- Assuming an ARMOR Role
- dominance Seelabel dominance
- dot (.)
- authorization name separatorAuthorization Naming Conventions
- double dollar sign ($$)
- parent shell process numberListing the Privileges in Your Current Shell
- removing basic privilege from your shellRemoving a Basic Privilege From Yourself
E
- /etc/default/login fileHow to Set Account Locking for Regular Users
- /etc/security/policy.conf file
- editingHow to Remove Unneeded Basic Privileges From Users
- /etc/security/policy.conf file
- editingHow to Remove Unneeded Basic Privileges From Users
- /etc/security/policy.conf file
- editingHow to Remove Power Management Capability From Users
- editors
- preventing from spawning new processesPreventing Guests From Spawning Editor Subprocesses
- restricting for guest userPreventing Guests From Spawning Editor Subprocesses
- effective privilege setHow Privileges Are Implemented
- enabling
- access to labeled filesEnabling Access to Labeled Files
- encodings file
- Sandbox Labels v1.0
- Preparing for Persistent Sandboxes
- Configuring Sandboxes for Project Isolation
- escalation of privilege
- descriptionPrivilege Escalation and User Rights
- preventing in devicesPrivileges and Devices
- exacct files
- reading with Perl scriptsEnabling a Trusted User to Read Extended Accounting Files
- exec_attr database
- exec_attr Database
- Rights Databases
- expanding users rightsExpanding Users' Rights
- Extended Accounting Net Management rights profileEnabling a Trusted User to Read Extended Accounting Files
- extended policy Seeextended privileges
- extended privilege policy Seeextended privileges
- extended privileges
- administeringLocking Down Resources by Using Extended Privileges
- assigned by regular usersUsers Locking Down the Applications That They Run
- assigning
- in rights profilePreventing Guests From Spawning Editor Subprocesses
- to a databaseHow to Lock Down the MySQL Service
- to a portHow to Apply Extended Privilege Policy to a Port
- to trusted usersEnabling a Trusted User to Read Extended Accounting Files
- to web serverHow to Assign Specific Privileges to the Apache HTTP Server
- description
- Using Extended Privilege Policy to Restrict Privilege Use
- Expanding a User or Role's Privileges
- listingHow to Lock Down the MySQL Service
- PRIV_XPOLICY flagHow to Lock Down the MySQL Service
- protecting files of regular usersUsers Locking Down the Applications That They Run
- reading root-owned filesEnabling a Non-root Account to Read a root-Owned
File
F
- file labels Seelabels
- FILE privileges
- descriptionPrivilege Descriptions
- file_chownHow Processes Get Privileges
- file_chown_selfPrivilege Escalation and Kernel Privileges
- file systems
- configuring as labeledConfiguring Users and Processes With Labels
- files
- /etc/default/loginHow to Set Account Locking for Regular Users
- accessing labeledHow to Verify User Access to Labeled Files
- configuring as labeledConfiguring Users and Processes With Labels
- privileges relating toPrivilege Descriptions
- Firefox browser
- assigning extended privilegesRunning a Browser in a Protected Environment
- flags
- PRIV_PFEXEC in profile shellsDetermining Whether You Are Using a Profile Shell
- PRIV_XPOLICY on processHow to Lock Down the MySQL Service
- FTP service
- protecting with labelsExample - Protecting the FTP Service With a Label
G
- getent command
- descriptionRights Administration Commands
- listing commands with assigned security attributesListing Privileges
- listing contents of rights databasesListing Rights and Their Definitions
- listing definitions of all authorizationsListing the Content of the Authorizations Database
- listing definitions of all rights profilesListing the Contents of the Rights Profiles Database
- listing qualified security attributesListing Qualified Attributes
- usingChanging the root User Into the root Role
H
- hardware
- restricting user control ofHow to Remove Power Management Capability From Users
- HISTORY security attributePassword Security Attributes in Files and SMF
- host qualified attribute
- descriptionuser_attr Database
- HZ security attributeUser Environment Security Attributes in Files and SMF
I
- idlecmd keyword
- descriptionuser_attr Database
- useHow to Troubleshoot Rights Assignments
- idletime keyword
- descriptionuser_attr Database
- useHow to Troubleshoot Rights Assignments
- immutable zones
- administeringAdministering Immutable Zones
- inheritable privilege setHow Privileges Are Implemented
- IPC privilegesPrivilege Descriptions
- IPS packages Seepackages
K
- kernel processes and privilegesPrivileges Protecting Kernel Processes
- keywords
- defaultprivHow to Remove Unneeded Basic Privileges From Users
- lock_after_retriesHow to Set Account Locking for Regular Users
- RETRIESHow to Set Account Locking for Regular Users
L
- label dominance
- effect on accessAbout Access to Labeled Files
- label policy
- planningAbout Process Labels and Clearances in Oracle Solaris
- protecting sensitive dataAbout Process Labels and Clearances in Oracle Solaris
- labeled file systems
- configuringConfiguring Users and Processes With Labels
- labeled files
- configuringConfiguring Users and Processes With Labels
- enabling accessEnabling Access to Labeled Files
- verifying accessHow to Verify User Access to Labeled Files
- labeling Seelabels
- labels
- assigning clearancesEnabling Access to Labeled Files
- processes andAbout Process Labels and Clearances in Oracle Solaris
- protecting FTP serviceExample - Protecting the FTP Service With a Label
- protecting sensitive dataAbout Process Labels and Clearances in Oracle Solaris
- translationAbout Access to Labeled Files
- ldapaddent command
- listing all qualified security attributesListing Qualified Attributes
- least privilege
- principle ofPrivileges Protecting Kernel Processes
- legacy applications and privileges
- Assigning Security Attributes to a Legacy Application
- Legacy Applications and the Use of Privileges
- levels Seeclassifications
- limit privilege setHow Privileges Are Implemented
- limit_privileges attribute
- account-policy SMF stencilSMF Stencil That Contains Privilege Information
- limitpriv keyworduser_attr Database
- Linux behaviors
- sudo command
- Creating a Role That Requires the User's Password
- Using Your Assigned Administrative Rights
- Deciding Which Rights Model to Use for Administration
- user password when assuming role
- Modifying a Rights Profile to Enable a User to Use Own Password for Role
Password
- Enabling a User to Use Own Password for Role Password
- Enabling Users to Use Own Password for Role Password
- list_devices command
- authorizations required forCommands and Associated Authorizations
- listing See Alsodisplaying
- all rightsListing Rights and Their Definitions
- authorizationsListing Authorizations
- default rights configurationListing Rights and Their Definitions
- one user's rightsListing All Rights Assigned to a User
- privilegesListing Privileges
- qualifiers to security attributesListing Qualified Attributes
- rightsListing Rights and Their Definitions
- rights of initial userListing Rights and Their Definitions
- rights profilesListing Rights Profiles
- rolesListing Roles
- roles you can assume
- Rights Administration Commands
- Assuming an ARMOR Role
- your rightsListing Rights and Their Definitions
- lock_after_retries attributeHow to Set Account Locking for All Logins
- lock_after_retries keywordHow to Set Account Locking for Regular Users
- descriptionuser_attr Database
- LOCK_AFTER_RETRIES security attributeLogin Security Attributes in Files and SMF
- locking
- accounts
- Modifying Rights System-Wide As SMF Properties
- Restricting Users' Rights
- user account automaticallyHow to Set Account Locking for Regular Users
- user accounts automaticallyHow to Set Account Locking for All Logins
- logging in
- remote root loginChanging Whether root Is a User or a Role
- users' basic privilege setHow Privileges Are Implemented
- logins
- effect on clearancesAbout Access to Labeled Files
M
- man pages
- commands that require authorizationsSelected Commands That Require Authorizations
- rightsCommands That Manage Authorizations, Rights Profiles, and Roles
- managing Seeadministering
- MAXDAYS security attributePassword Security Attributes in Files and SMF
- MAXREPEATS security attributePassword Security Attributes in Files and SMF
- MAXWEEKS security attributePassword Security Attributes in Files and SMF
- Media Backup rights profile
- assigning to trusted usersDistribution of Rights
- Media Restore rights profile
- preventing privilege escalationPrivilege Escalation and User Rights
- MINALPHA security attributePassword Security Attributes in Files and SMF
- MINDAYS security attributePassword Security Attributes in Files and SMF
- MINDIFF security attributePassword Security Attributes in Files and SMF
- MINDIGIT security attributePassword Security Attributes in Files and SMF
- MINLOWER security attributePassword Security Attributes in Files and SMF
- MINNONALPHA security attributePassword Security Attributes in Files and SMF
- MINSPECIAL security attributePassword Security Attributes in Files and SMF
- MINUPPER security attributePassword Security Attributes in Files and SMF
- minus sign (-)
- keyword modifierModifying a Role's Rights
- MINWEEKS security attributePassword Security Attributes in Files and SMF
- modifying Seechanging
- monitoring
- use of privileged commandsAuditing Administrative Actions
- multilevel file systems Seelabeled file systems
- MySQL database
- installing IPS packageHow to Lock Down the MySQL Service
- protecting with extended privilegesHow to Lock Down the MySQL Service
N
- NAMECHECK security attributePassword Security Attributes in Files and SMF
- naming
- persistent sandboxesPreparing for Persistent Sandboxes
- sandboxesConfiguring Sandboxes for Project Isolation
- naming conventions
- authorizationsAuthorization Naming Conventions
- naming services
- rights databases andRights Databases and the Naming Services
- scope of assigned rightsName Service Scope and Rights Verification
- NET privilegesPrivilege Descriptions
- netgroup qualified attribute
- descriptionuser_attr Database
- network
- privileges relating toPrivilege Descriptions
- Network IPsec Management rights profile
- adding solaris.admin.edit authorizationCloning and Enhancing the Network IPsec Management Rights Profile
- non-global zones Seezones
- non-UNIX accounts
- troubleshooting password assignmentsUsing the openldap System Account to Run a
cron Job
- nscd (name service cache daemon)
- useRights Administration Commands
O
- Object Access Management rights profileHow Processes Get Privileges
- obtaining
- privileged commandsCreating a Role
- privileges
- Assigning Privileges Directly to a User
- Assigning Privileges Directly to a Role
- Assigning Privileges to Users and Processes
- How Processes Get Privileges
- privileges on a processListing the Privileges in Your Current Shell
- one-time passwords
- requiring use ofRestricting Users' Rights
- Operator rights profile
- assigning to roleDistribution of Rights
- descriptionRights Profiles Reference
- order of search
- authenticated rights profilesOrder of Search for Assigned Rights
- rightsOrder of Search for Assigned Rights
- rights profiles exampleAdding a Rights Profile as the Role's First Rights Profile
- user security attributesOrder of Search for Assigned Rights
- OTP Seeone-time password (OTP)
P
- packages
- ARMORUsing ARMOR Roles
- MySQLHow to Lock Down the MySQL Service
- PAM
- adding su stack to configuration fileCaching Authentication for Ease of Role Use
- modulesCaching Authentication for Ease of Role Use
- stack to cache authenticationCaching Authentication for Ease of Role Use
- time-sensitive user access
- user_attr Database
- Basics of User and Process Rights
- pam_policy keyword
- descriptionuser_attr Database
- PAM_POLICY security attributeLogin Security Attributes in Files and SMF
- pam_roles moduleRights Administration Commands
- pam_tty_tickets moduleCaching Authentication for Ease of Role Use
- pam_unix_account moduleRights Administration Commands
- PASSLENGTH security attributePassword Security Attributes in Files and SMF
- PASSREQ security attributeLogin Security Attributes in Files and SMF
- passwd command
- changing password of role
- Changing a Role Password
- Creating a Role
- NP accountsUsing the openldap System Account to Run a
cron Job
- passwords
- changing role password
- Changing a Role Password
- Creating a Role
- locking out users
- How to Set Account Locking for All Logins
- How to Set Account Locking for Regular Users
- overriding constraintsOverriding the Password Requirements for an Account
- unlocking user
- How to Set Account Locking for All Logins
- How to Set Account Locking for Regular Users
- using user's to assume role
- How to Reorder Assigned Rights
- Enabling a User to Use Own Password for Role Password
- PATH security attribute
- Logging and su Security Attributes in Files and SMF
- User Environment Security Attributes in Files and SMF
- Perl scripts
- for extended accountingEnabling a Trusted User to Read Extended Accounting Files
- permissions
- changing user file permissions
- How to Set a More Restrictive umask Value for All Logins
- How to Set a More Restrictive umask Value for Regular
Users
- permissive security policy
- components ofBasics of User and Process Rights
- creatingExpanding Users' Rights
- permitted privilege setHow Privileges Are Implemented
- persistent sandboxesPreparing for Persistent Sandboxes
- pfbash commandRights Administration Commands
- pfedit command
- Rights Administration Commands
- Editing a System File
- pfexec command
- Rights Administration Commands
- Using Your Assigned Administrative Rights
- planning
- ARMOR role useFollowing Your Chosen Rights Model
- clearing users to access labeled dataAbout Process Labels and Clearances in Oracle Solaris
- data loss protectionAbout Process Labels and Clearances in Oracle Solaris
- labeling sensitive dataAbout Process Labels and Clearances in Oracle Solaris
- rights model useFollowing Your Chosen Rights Model
- use of rightsFollowing Your Chosen Rights Model
- plus sign (+)
- keyword modifierModifying a Role's Rights
- policy Seelabel policy
- policy.conf file
- descriptionpolicy.conf File
- keywords
- for authenticated rights profilespolicy.conf File
- for authorizationspolicy.conf File
- for privilegespolicy.conf File
- for rights profilespolicy.conf File
- for workstation ownerpolicy.conf File
- ports
- protecting with extended privilegesHow to Apply Extended Privilege Policy to a Port
- power management
- configuringHow to Remove Power Management Capability From Users
- powers Seerights
- ppriv command
- Commands for Handling Privileges
- Listing the Privileges in Your Current Shell
- Listing Privileges
- –eD option
- Commands for Handling Privileges
- How to Determine Which Privileges a Program Requires
- How to Run a Shell Script With Privileged Commands
- –r optionUsers Locking Down the Applications That They Run
- –s optionProtecting Directories on Your System From Application Processes
- predefined roles
- ARMOR standard
- Using ARMOR Roles
- User and Process Rights Provide an Alternative to the Superuser Model
- planning use ofFollowing Your Chosen Rights Model
- preparing
- persistent sandboxes, forPreparing for Persistent Sandboxes
- principle of least privilegePrivileges Protecting Kernel Processes
- Printer Management rights profileRights Profiles Reference
- PRIV_DEFAULT keyword
- policy.conf filepolicy.conf File
- PRIV_DEFAULT security attributeUser Account Security Attributes in Files and SMF
- PRIV_LIMIT keyword
- policy.conf filepolicy.conf File
- PRIV_LIMIT security attributeUser Account Security Attributes in Files and SMF
- PRIV_PFEXEC flagDetermining Whether You Are Using a Profile Shell
- PRIV_PROC_LOCK_MEMORY privilegePrivileges and Resource Management
- PRIV_XPOLICY flagHow to Lock Down the MySQL Service
- privilege checkingApplications That Check for Privileges
- privilege sets
- adding privileges to
- Assigning Privileges Directly to a User
- Assigning Privileges Directly to a Role
- Expanding a User or Role's Privileges
- basic
- How to Troubleshoot Rights Assignments
- Listing the Basic Privileges and Their Definitions
- How Privileges Are Implemented
- effectiveHow Privileges Are Implemented
- inheritableHow Privileges Are Implemented
- limit
- How to Troubleshoot Rights Assignments
- How Privileges Are Implemented
- listing
- Listing Privileges That Are Used in Privilege Assignment
- How Privileges Are Implemented
- permittedHow Privileges Are Implemented
- removing privileges from
- Removing Basic Privileges From a Rights Profile
- Creating a Remote Users Rights Profile
- Removing a Basic Privilege From Yourself
- Using Extended Privilege Policy to Restrict Privilege Use
- Restricting Privileges for a User or Role
- privileged application
- authorization checkingApplications That Check Authorizations
- checking for security attributesApplications That Check for Rights
- descriptionBasics of User and Process Rights
- ID checkingApplications That Check UIDs and GIDs
- privilege checkingApplications That Check for Privileges
- privileged users Seetrusted users
- privileges
- adding to command in rights profileCreating a Rights Profile That Includes Privileged Commands
- assigning
- to a commandAssigning Privileges to Users and Processes
- to a scriptAssigning Privileges to a Script
- to a userAssigning Privileges to Users and Processes
- to Apache HTTP ServerHow to Assign Specific Privileges to the Apache HTTP Server
- to MySQL databaseHow to Lock Down the MySQL Service
- to roleAssigning Privileges Directly to a Role
- to userAssigning Privileges Directly to a User
- auditing andPrivileged Actions in the Audit Record
- categoriesPrivilege Descriptions
- checking in applicationsApplications That Check for Privileges
- commandsCommands for Handling Privileges
- compared to authorizations
- More About User Authorizations
- Basics of User and Process Rights
- compared to superuser modelProcess Rights Management
- debuggingDebugging Use of Privilege
- description
- Privilege Descriptions
- Privilege Descriptions
- Basics of User and Process Rights
- devices andPrivileges and Devices
- differences from superuser modelAdministrative Differences on a System With Privileges
- escalation prevention at user levelPrivilege Escalation and User Rights
- escalation prevention in kernelPrivilege Escalation and Kernel Privileges
- expanding user or role'sExpanding a User or Role's Privileges
- extended privilege policy
- Using Extended Privilege Policy to Restrict Privilege Use
- Expanding a User or Role's Privileges
- finding missingUsing the ppriv Command to Examine Privilege
Use in a Profile Shell
- implemented in setsHow Privileges Are Implemented
- inherited by processesHow Processes Get Privileges
- legacy applications and
- Assigning Security Attributes to a Legacy Application
- Legacy Applications and the Use of Privileges
- limiting all usersModifying System-Wide Privileges, Authorizations, and Rights Profiles
- limiting usersHow to Remove Unneeded Basic Privileges From Users
- listing on a processListing the Privileges in Your Current Shell
- PRIV_PROC_LOCK_MEMORYPrivileges and Resource Management
- processes with assigned privilegesHow Processes Get Privileges
- programs aware of privilegesHow Processes Get Privileges
- protecting kernel processesPrivileges Protecting Kernel Processes
- removing
- basic privilegeRemoving Basic Privileges From a Rights Profile
- basic privilege from your processRemoving a Basic Privilege From Yourself
- from a rights profileRemoving Basic Privileges From a Rights Profile
- from a userRestricting Privileges for a User or Role
- from a user's limit setRemoving Privileges From a User's Limit Set
- from yourselfRemoving a Basic Privilege From Yourself
- removing basicHow to Remove Unneeded Basic Privileges From Users
- removing several basic from public systemModifying System-Wide Privileges, Authorizations, and Rights Profiles
- SMF account-policy stencilSMF Stencil That Contains Privilege Information
- translating a labelAbout Access to Labeled Files
- troubleshooting
- lack ofHow to Determine Which Privileges a Program Requires
- user assignmentHow to Troubleshoot Rights Assignments
- using in shell scriptHow to Run a Shell Script With Privileged Commands
- privileges keyword
- listingListing Privileges
- PROC privileges
- descriptionPrivilege Descriptions
- proc_ownerPrivileges and Devices
- process privilegesPrivilege Descriptions
- process rights management Seeprivileges, rights
- processes
- labelingAbout Process Labels and Clearances in Oracle Solaris
- prof_attr databaseprof_attr Database
- summaryRights Databases
- profile shells
- assigning to usersCreating a Login for a Trusted User
- descriptionProfile Shells and Rights Verification
- determining if PRIV_PFEXEC flag is setDetermining Whether You Are Using a Profile Shell
- login shells for trusted usersCreating a Trusted User to Administer DHCP
- openingUsing Your Assigned Administrative Rights
- reading exacct network filesEnabling a Trusted User to Read Extended Accounting Files
- restricting rightsRestricting an Administrator to Explicitly Assigned Rights
- profiles Seerights profiles
- profiles command
- creating rights profilesHow to Create a Rights Profile
- descriptionRights Administration Commands
- –l optionViewing the Contents of Rights Profiles
- listing user's authenticated rights profilesListing Rights Profiles
- listing user's rights profilesListing Rights and Their Definitions
- useListing Rights Profiles
- profiles keyword
- descriptionuser_attr Database
- listingListing Rights Profiles
- PROFS_GRANTED keyword
- policy.conf filepolicy.conf File
- PROFS_GRANTED security attributeUser Account Security Attributes in Files and SMF
- programs Seeapplications
- project.max-locked-memory resource controlPrivileges and Resource Management
- projects
- isolating with sandboxesConfiguring Sandboxes for Project Isolation
- protecting FTP service
- by labelingExample - Protecting the FTP Service With a Label
- protecting sensitive data
- with labelsAbout Process Labels and Clearances in Oracle Solaris
Q
- qualified user attributes
- descriptionAbout Qualified User Attributes
- overviewBasics of User and Process Rights
- qualifier attribute
- listingListing Qualified Attributes
- user_attr databaseuser_attr Database
R
- removing
- basic privilege from application
- Users Locking Down the Applications That They Run
- How to Lock Down the MySQL Service
- basic privilege from rights profileRemoving Basic Privileges From a Rights Profile
- basic privilege from yourselfRemoving a Basic Privilege From Yourself
- basic privileges from a rights profileRemoving Basic Privileges From a Rights Profile
- limit privilege from userRemoving Privileges From a User's Limit Set
- power management capability from usersHow to Remove Power Management Capability From Users
- privileges from a systemModifying System-Wide Privileges, Authorizations, and Rights Profiles
- privileges from a userHow to Remove Unneeded Basic Privileges From Users
- rights from all loginsModifying Rights System-Wide As SMF Properties
- role assignmentsHow to Change the root Role Into a User
- users' rightsRestricting Users' Rights
- replacing
- keyword values
- Requiring a User to Type Password Before Administering DHCP
- Modifying a Role's Rights
- root role with root userHow to Change the root Role Into a User
- root user with root roleChanging the root User Into the root Role
- superuser with rolesFollowing Your Chosen Rights Model
- resource controls
- privileges, andPrivileges and Resource Management
- project.max-locked-memoryPrivileges and Resource Management
- zone.max-locked-memoryPrivileges and Resource Management
- resources
- isolating with sandboxesConfiguring Sandboxes for Project Isolation
- restricted files
- enabling read access toEnabling a Trusted User to Read Extended Accounting Files
- enabling write access to
- Cloning and Enhancing the Network IPsec Management Rights Profile
- Editing a System File
- restricting
- access to computer by time and dayBasics of User and Process Rights
- database privilegesHow to Lock Down the MySQL Service
- editor of guest userPreventing Guests From Spawning Editor Subprocesses
- guest access to systemAssigning the Editor Restrictions Rights Profile to All Users
- login attemptsRestricting Users' Rights
- port privilegesHow to Apply Extended Privilege Policy to a Port
- rights in a rights profile
- Removing Basic Privileges From a Rights Profile
- Creating a Remote Users Rights Profile
- user control of hardwareHow to Remove Power Management Capability From Users
- user file permissions
- How to Set a More Restrictive umask Value for All Logins
- How to Set a More Restrictive umask Value for Regular
Users
- web server privilegesHow to Assign Specific Privileges to the Apache HTTP Server
- restrictive security policy
- components ofBasics of User and Process Rights
- creatingRestricting Users' Rights
- creating system-wideModifying Rights System-Wide As SMF Properties
- enforcingLocking Down Resources by Using Extended Privileges
- RETRIES keywordHow to Set Account Locking for Regular Users
- RETRIES security attributeLogin Security Attributes in Files and SMF
- rights See Alsoauthorizations, privileges, rights profiles, roles
- access_times keywordBasics of User and Process Rights
- access_tz keywordBasics of User and Process Rights
- account lockingRestricting Users' Rights
- adding privileged usersCreating a Trusted User to Administer DHCP
- administration commandsCommands That Manage Authorizations, Rights Profiles, and Roles
- assigningExpanding Users' Rights
- authenticated rights profilesRequiring a User to Type Password Before Administering DHCP
- system-wideModifying Rights System-Wide As SMF Properties
- to restrict usersRestricting Users' Rights
- to usersAssigning Rights to Users
- auditing use ofAuditing Administrative Actions
- authorization databaseauth_attr Database
- authorizationsMore About User Authorizations
- basic conceptsBasics of User and Process Rights
- changing role passwords
- Changing a Role Password
- Creating a Role
- checking for
- Applications That Check UIDs and GIDs
- Rights Verification
- checking scripts or programs for authorizationsChecking for Authorizations in a Script or Program
- commands forCommands for Administering Rights
- commands for managingCommands That Manage Authorizations, Rights Profiles, and Roles
- compared to superuser modelUser and Process Rights Provide an Alternative to the Superuser Model
- configuring
- Restricting Users' Rights
- Expanding Users' Rights
- considerations when directly assigningConsiderations When Assigning Rights
- creating authorizationsHow to Create an Authorization
- creating rights profilesCreating Rights Profiles and Authorizations
- databasesRights Databases
- defaultsListing Rights and Their Definitions
- elementsBasics of User and Process Rights
- expanding usersExpanding Users' Rights
- gaining administrativeUsing Your Assigned Administrative Rights
- limiting login attemptsRestricting Users' Rights
- listing allListing Rights and Their Definitions
- listing for one userListing All Rights Assigned to a User
- modifying rolesCreating a Role
- naming services andRights Databases and the Naming Services
- Network Security rights profileExample of a User Rights and Process Rights Assignment
- new features in this releaseWhat's New in Rights in Oracle Solaris 11.4
- order of searchOrder of Search for Assigned Rights
- planning use ofFollowing Your Chosen Rights Model
- privileges on commandsApplications That Check for Privileges
- profile shellsProfile Shells and Rights Verification
- reading exacct network files
- Enabling a Trusted User to Read Extended Accounting Files
- Enabling a Trusted User to Read Extended Accounting Files
- recommended rolesUser and Process Rights Provide an Alternative to the Superuser Model
- removing from usersRestricting Users' Rights
- removing system-wideModifying Rights System-Wide As SMF Properties
- restricting administrator to explicitly assignedRestricting an Administrator to Explicitly Assigned Rights
- restricting rightsRestricting an Administrator to Explicitly Assigned Rights
- restricting users to specific times of accessBasics of User and Process Rights
- restricting users'Restricting Users' Rights
- restricting users' system-wideModifying Rights System-Wide As SMF Properties
- rights profile databaseprof_attr Database
- rights profilesMore About Rights Profiles
- search orderOrder of Search for Assigned Rights
- securing scriptsAssigning Rights to Applications and Scripts
- security considerations when assigningSecurity Considerations When Assigning Rights
- special ID on commandsApplications That Check UIDs and GIDs
- troubleshootingHow to Troubleshoot Rights Assignments
- usability considerations when assigningUsability Considerations When Assigning Rights
- using user password to assume role
- How to Reorder Assigned Rights
- Enabling a User to Use Own Password for Role Password
- viewing allListing Rights and Their Definitions
- viewing yourListing Rights and Their Definitions
- rights management Seeprivileges, rights
- rights profiles
- adding privileges to commandCreating a Rights Profile That Includes Privileged Commands
- adding solaris.admin.edit authorizationCloning and Enhancing the Network IPsec Management Rights Profile
- AllRights Profiles Reference
- assigning
- to usersCreating a Trusted User to Administer DHCP
- assigning to trusted usersDistribution of Rights
- authenticating with user's password
- Assigning Rights Profiles in a Specific Order
- Modifying a Rights Profile to Enable a User to Use Own Password for Role
Password
- Basic Solaris UserRights Profiles Reference
- changing contents ofCreating Rights Profiles and Authorizations
- cloning contents ofHow to Clone and Modify a System Rights Profile
- compared to rolesMore About Roles
- Console User
- Rights Profiles Reference
- How to Remove Power Management Capability From Users
- How to Remove Power Management Capability From Users
- Order of Search for Assigned Rights
- contents of typicalRights Profiles Reference
- creatingHow to Create a Rights Profile
- creating and assigning
- How to Remove Unneeded Basic Privileges From Users
- How to Set Account Locking for Regular Users
- creating for remote usersCreating a Remote Users Rights Profile
- databases Seeexec_attr database, prof_attr database
- description
- More About Rights Profiles
- Basics of User and Process Rights
- Extended Accounting Net ManagementEnabling a Trusted User to Read Extended Accounting Files
- first in listAdding a Rights Profile as the Role's First Rights Profile
- for all users of a systemAssigning a Rights Profile to a System
- major rights profiles descriptionsRights Profiles Reference
- modifyingCreating Rights Profiles and Authorizations
- Network IPsec ManagementCloning and Enhancing the Network IPsec Management Rights Profile
- Object Access ManagementHow Processes Get Privileges
- OperatorRights Profiles Reference
- order of searchOrder of Search for Assigned Rights
- preventing privilege escalation
- Privilege Escalation and User Rights
- Distribution of Rights
- Printer ManagementRights Profiles Reference
- removing authorizationsCloning and Removing Selected Rights From a Rights Profile
- requiring authentication by any user of a systemAssigning the Editor Restrictions Rights Profile to All Logins
- restricting basic privilegesRemoving Basic Privileges From a Rights Profile
- restricting rights of all users of a systemModifying the policy.conf File to Limit the Rights Available to
System Users
- Stop
- Rights Profiles Reference
- Order of Search for Assigned Rights
- System AdministratorRights Profiles Reference
- third-party applicationsCreating a Rights Profile for Administrators of a Third-Party Application
- troubleshootingHow to Troubleshoot Rights Assignments
- viewing contentsViewing the Contents of Rights Profiles
- VSCAN ManagementCloning and Removing Selected Rights From a Rights Profile
- role-based access control (RBAC) Seerights
- roleadd command
- authorizations required forCommands and Associated Authorizations
- description
- Rights Administration Commands
- Rights Administration Commands
- example of usingCreating and Assigning a Role to Administer Cryptographic Services
- –P optionCaching Authentication for Ease of Role Use
- –s optionCreating a User Administrator Role in the LDAP Repository
- –S optionCreating a User Administrator Role in the LDAP Repository
- roleauth keyword
- example of using
- Changing the Value of roleauth for a Role in the LDAP
Repository
- Enabling a User to Use Own Password for Role Password
- Enabling Users to Use Own Password for Role Password
- passwords for roles
- How to Reorder Assigned Rights
- Enabling a User to Use Own Password for Role Password
- useCaching Authentication for Ease of Role Use
- roledel command
- authorizations required forCommands and Associated Authorizations
- example of usingDeleting a Role
- rolemod command
- assigning rights to a roleReplacing a Local Role's Assigned Profiles
- authorizations required forCommands and Associated Authorizations
- changing rights of roleReplacing a Local Role's Assigned Profiles
- descriptionRights Administration Commands
- example of using
- Enabling a User to Use Own Password for Role Password
- Enabling Users to Use Own Password for Role Password
- –K optionHow to Change the root Role Into a User
- passwords for roles
- How to Reorder Assigned Rights
- Enabling a User to Use Own Password for Role Password
- roles
- ARMORUser and Process Rights Provide an Alternative to the Superuser Model
- assigning
- privileges toAssigning Privileges Directly to a Role
- rightsAssigning Rights to Users
- with usermod commandCreating a Role
- assuming
- after loginMore About Roles
- ARMORAssuming an ARMOR Role
- in a terminal window
- Assuming an ARMOR Role
- Profile Shells and Rights Verification
- root roleAssuming the root Role
- to use assigned rightsUsing Your Assigned Administrative Rights
- auditingAuditing Administrative Actions
- authenticating with user's password
- How to Reorder Assigned Rights
- Enabling a User to Use Own Password for Role Password
- changing password of
- Changing a Role Password
- Creating a Role
- changing properties ofCreating a Role
- compared to rights profilesMore About Roles
- configured like sudoCreating a Role That Requires the User's Password
- creatingAssigning Rights to Users
- creating ARMORUsing ARMOR Roles
- creating for administrative accountsCreating a Role for an Application Administrator
- deletingDeleting a Role
- descriptionMore About Roles
- determining directly assigned privilegesAdding to a Role's Basic Privileges
- determining role's privileged commandsDetermining the Privileged Commands of a Role
- listing local roles
- Rights Administration Commands
- Assuming an ARMOR Role
- making root role into userChanging Whether root Is a User or a Role
- modifyingCreating a Role
- planning predefinedFollowing Your Chosen Rights Model
- predefined
- Using ARMOR Roles
- User and Process Rights Provide an Alternative to the Superuser Model
- removing assignment from usersHow to Change the root Role Into a User
- separation of duty
- Using Two Roles to Configure Auditing
- Creating Roles for Separation of Duty
- summaryBasics of User and Process Rights
- use in user rights assignmentUser and Process Rights Provide an Alternative to the Superuser Model
- using an assigned roleAssuming an ARMOR Role
- using user password
- Modifying a Rights Profile to Enable a User to Use Own Password for Role
Password
- Example of a User Rights and Process Rights Assignment
- with user passwordsCreating a Role That Requires the User's Password
- roles command
- descriptionRights Administration Commands
- usingAssuming an ARMOR Role
- roles keyword
- listingListing Roles
- root role
- assuming roleAssuming the root Role
- changing from root userChanging the root User Into the root Role
- changing to root userChanging Whether root Is a User or a Role
- created at installationDistribution of Rights
- descriptionDistribution of Rights
- overriding password constraintsOverriding the Password Requirements for an Account
- secure remote loginChanging Whether root Is a User or a Role
- troubleshootingPreventing the root Role From Being Used to Maintain a System
- root user
- changing into root roleChanging the root User Into the root Role
- replacing in rights modelMore About Roles
S
- applications
- protecting administrative accountsCreating a Role for an Application Administrator
- Sandbox Labels v1.0 encodings file
- Preparing for Persistent Sandboxes
- Configuring Sandboxes for Project Isolation
- sandboxes
- configuringConfiguring Sandboxes for Project Isolation
- for operating at a lower clearanceAbout Access to Labeled Files
- persistentPreparing for Persistent Sandboxes
- preparing for persistentPreparing for Persistent Sandboxes
- scope of assigned rightsName Service Scope and Rights Verification
- scripts
- checking for authorizationsChecking for Authorizations in a Script or Program
- for extended accountingEnabling a Trusted User to Read Extended Accounting Files
- Perl scriptsEnabling a Trusted User to Read Extended Accounting Files
- running with privilegesAssigning Privileges to a Script
- securingAssigning Rights to Applications and Scripts
- use of privileges inHow to Run a Shell Script With Privileged Commands
- security attributes See Alsorights
- auto_unlock_timeHow to Set Account Locking for All Logins
- correspondence between files and SMF propertiesSecurity Attributes in Files and Their Corresponding SMF Properties
- default_privilegesModifying System-Wide Privileges, Authorizations, and Rights Profiles
- descriptionBasics of User and Process Rights
- lock_after_retriesHow to Set Account Locking for All Logins
- qualified
- About Qualified User Attributes
- Basics of User and Process Rights
- security policy
- default rightsRights Databases
- restrictive and permissiveBasics of User and Process Rights
- security properties Seerights
- sendmail command
- authorizations required forCommands and Associated Authorizations
- sensitive files Seelabeled files
- separation of duty
- security and non-security rolesCreating Roles for Separation of Duty
- two roles to handle auditingUsing Two Roles to Configure Auditing
- setprop command
- security-attribute=valueAssigning Rights to Users
- shell commands
- passing parent shell process numberListing the Privileges in Your Current Shell
- shells
- determining if privilegedDetermining Whether You Are Using a Profile Shell
- listing privileges on processListing the Privileges in Your Current Shell
- privileged versionsProfile Shells and Rights Verification
- troubleshooting if profileHow to Troubleshoot Rights Assignments
- usability considerationsUsability Considerations When Assigning Rights
- writing privileged scriptsHow to Run a Shell Script With Privileged Commands
- SLEEPTIME security attributeLogin Security Attributes in Files and SMF
- SMF account-policy stencil
- attributes
- for privilegesSMF Stencil That Contains Privilege Information
- containing privilege informationSMF Stencil That Contains Privilege Information
- containing syslog informationSMF Stencil That Contains Privilege Information
- correspondence with legacy filesSecurity Attributes in Files and Their Corresponding SMF Properties
- security attributesaccount-policy SMF Stencil
- SMF services
- account-policyNew Feature – Enabling the account-policy Service
- account-policyaccount-policy SMF Stencil
- solaris.*.assign authorizations
- preventing privilege escalationPrivilege Escalation and User Rights
- solaris.admin.edit authorization
- adding to rights profileCloning and Enhancing the Network IPsec Management Rights Profile
- solaris.smf.value authorization
- removing from rights profileCloning and Removing Selected Rights From a Rights Profile
- stencils
- account-policy serviceNew Feature – Enabling the account-policy Service
- config/etc_default_login
- Modifying Logging Policy
- Modifying Login Policy
- Modifying Login Environment Variables
- config/etc_default_passwdModifying Password Policy
- config/etc_default_suModifying Logging Policy
- config/etc_security_policyconfModifying System-Wide Privileges, Authorizations, and Rights Profiles
- Stop rights profileRights Profiles Reference
- su command
- becoming rootHow to Change the root Role Into a User
- changing to a roleCreating and Assigning a Role to Administer Cryptographic Services
- in role assumptionAssuming an ARMOR Role
- subshells
- restricting editing rightsPreventing Guests From Spawning Editor Subprocesses
- sudo
- roles configured likeCreating a Role That Requires the User's Password
- sudo command
- using in Oracle Solaris
- Using Your Assigned Administrative Rights
- Deciding Which Rights Model to Use for Administration
- SULOG security attributeLogging and su Security Attributes in Files and SMF
- SUPATH security attribute
- Logging and su Security Attributes in Files and SMF
- User Environment Security Attributes in Files and SMF
- superuser
- compared to rights model
- Process Rights Management
- User and Process Rights Provide an Alternative to the Superuser Model
- differences from rights modelAdministrative Differences on a System With Privileges
- eliminating by delegating rightsMore About Roles
- troubleshooting becoming root as a rolePreventing the root Role From Being Used to Maintain a System
- svc:/application/database/mysql:version_57How to Lock Down the MySQL Service
- svc:/network/http:Apache2How to Assign Specific Privileges to the Apache HTTP Server
- svc:/system/account-policy:default
- replacement for security attributes in filesWhat's New in Rights in Oracle Solaris 11.4
- svc:/system/name-service/switch
- How to Troubleshoot Rights Assignments
- Name Service Scope and Rights Verification
- svccfg command
- –s option
- How to Troubleshoot Rights Assignments
- How to Assign Specific Privileges to the Apache HTTP Server
- Assigning Rights to Users
- svcprop command
- –p option
- Modifying Login Policy
- Modifying Login Environment Variables
- –s optionHow to Lock Down the MySQL Service
- SYS privilegesPrivilege Descriptions
- sys_trans_label privilegeAbout Access to Labeled Files
- SYSLOG security attribute
- Logging and su Security Attributes in Files and SMF
- Logging and su Security Attributes in Files and SMF
- SYSLOG_FAILED_LOGINS security attributeLogging and su Security Attributes in Files and SMF
- system
- removing some basic privilegesModifying System-Wide Privileges, Authorizations, and Rights Profiles
- System Administrator rights profile
- assigning to roleDistribution of Rights
- descriptionRights Profiles Reference
- system properties
- privileges relating toPrivilege Descriptions
- system security
- privilegesProcess Rights Management
- using rightsUser and Process Rights Provide an Alternative to the Superuser Model
- System V IPC privilegesPrivilege Descriptions
T
- third-party applications
- creating rights profiles forCreating a Rights Profile for Administrators of a Third-Party Application
- TIMEOUT security attributeLogin Security Attributes in Files and SMF
- TIMEZONE security attributeUser Environment Security Attributes in Files and SMF
- troubleshooting
- assigning passwords for cron jobsUsing the openldap System Account to Run a
cron Job
- failed use of privilegeHow to Determine Which Privileges a Program Requires
- lack of privilegeHow to Determine Which Privileges a Program Requires
- non-UNIX passwordsUsing the openldap System Account to Run a
cron Job
- privilege requirementsHow to Determine Which Privileges a Program Requires
- rightsHow to Troubleshoot Rights Assignments
- rights assignmentsHow to Troubleshoot Rights Assignments
- root as a rolePreventing the root Role From Being Used to Maintain a System
- user running privileged commandsHow to Troubleshoot Rights Assignments
- user running privileged shellDetermining Whether You Are Using a Profile Shell
- truss -t command
- for privilege debuggingUsing the truss Command to Examine Privilege
Use
- trusted users
- assigning extended privileges toEnabling a Trusted User to Read Extended Accounting Files
- assigning roles to
- Adding a Role to a User
- Using ARMOR Roles
- creating
- Expanding Users' Rights
- Creating a Role
- profile shell as login shellCreating a Trusted User to Administer DHCP
U
- ULIMIT security attributeUser Environment Security Attributes in Files and SMF
- UMASK security attributeUser Environment Security Attributes in Files and SMF
- umask value, making more restrictive
- How to Set a More Restrictive umask Value for All Logins
- How to Set a More Restrictive umask Value for Regular
Users
- unlock_after keyword
- descriptionuser_attr Database
- UNLOCK_AFTER security attributeLogin Security Attributes in Files and SMF
- unlocking all user accountsHow to Set Account Locking for All Logins
- unlocking user accountHow to Set Account Locking for Regular Users
- user procedures
- assuming a roleAssuming an ARMOR Role
- protecting own files from application accessUsers Locking Down the Applications That They Run
- using an assigned roleAssuming an ARMOR Role
- using extended privilegesUsers Locking Down the Applications That They Run
- user_attr database
- user_attr Database
- Rights Databases
- useradd command
- authorizations required forCommands and Associated Authorizations
- descriptionRights Administration Commands
- example of usingCreating a Login for a Trusted User
- useradm command
- descriptionRights Administration Commands
- listing local user's rightsListing a Local User's Rights
- useListing All Rights Assigned to a User
- userattr command
- descriptionRights Administration Commands
- use
- How to Troubleshoot Rights Assignments
- Preventing the root Role From Being Used to Maintain a System
- Removing Privileges From a User's Limit Set
- userdel command
- authorizations required forCommands and Associated Authorizations
- descriptionRights Administration Commands
- usermod command
- authorizations required forCommands and Associated Authorizations
- descriptionRights Administration Commands
- –R option
- Changing the root User Into the root Role
- Caching Authentication for Ease of Role Use
- using to assign roleCreating a Role
- users
- assigning
- authenticated rights profilesRequiring a User to Type Password Before Administering DHCP
- privileges toAssigning Privileges Directly to a User
- rightsAssigning Rights to Users
- rights defaultspolicy.conf File
- rights profilesCreating a Trusted User to Administer DHCP
- assigning clearances toEnabling Access to Labeled Files
- authenticating to rights profile
- Assigning Rights Profiles in a Specific Order
- Modifying a Rights Profile to Enable a User to Use Own Password for Role
Password
- authenticating to role
- How to Reorder Assigned Rights
- Enabling a User to Use Own Password for Role Password
- basic privilege setHow Privileges Are Implemented
- creating root userHow to Change the root Role Into a User
- creating with useradd commandCreating a Role
- determining hosts where attributes are validListing Qualified Attributes
- determining if running a profile shellDetermining Whether You Are Using a Profile Shell
- determining own privileged commandsListing Privileges
- enabling access to labeled filesEnabling Access to Labeled Files
- expanding rightsExpanding Users' Rights
- file permissions
- restricting
- How to Set a More Restrictive umask Value for All Logins
- How to Set a More Restrictive umask Value for Regular
Users
- guest restrictionsPreventing Guests From Spawning Editor Subprocesses
- initial inheritable privilegesHow Privileges Are Implemented
- isolating processes with sandboxesConfiguring Sandboxes for Project Isolation
- labeling processesAbout Process Labels and Clearances in Oracle Solaris
- locking account
- How to Set Account Locking for All Logins
- How to Set Account Locking for Regular Users
- managing third-party accountsCreating a Rights Profile for Administrators of a Third-Party Application
- protecting their files from access by applicationsUsers Locking Down the Applications That They Run
- protecting their files from web application accessUsers Locking Down the Applications That They Run
- removing basic privilegesHow to Remove Unneeded Basic Privileges From Users
- removing rightsRestricting Users' Rights
- removing rights system-wideModifying Rights System-Wide As SMF Properties
- requiring use of one-time passwordRestricting Users' Rights
- restricting access to labeled dataAbout Process Labels and Clearances in Oracle Solaris
- restricting control of hardwareHow to Remove Power Management Capability From Users
- restricting file permissions
- How to Set a More Restrictive umask Value for All Logins
- How to Set a More Restrictive umask Value for Regular
Users
- timed unlocking accounts ofHow to Set Account Locking for Regular Users
- timed unlocking system-wideHow to Set Account Locking for All Logins
- troubleshooting running privileged commandsHow to Troubleshoot Rights Assignments
- umask value
- How to Set a More Restrictive umask Value for All Logins
- How to Set a More Restrictive umask Value for Regular
Users
- unlocking accounts of
- How to Set Account Locking for All Logins
- How to Set Account Locking for Regular Users
- using rights profile
- Assigning Rights Profiles in a Specific Order
- Modifying a Rights Profile to Enable a User to Use Own Password for Role
Password
- using
- truss commandUsing the truss Command to Examine Privilege
Use
- auths commandHow to Create an Authorization
- getent command
- Listing Privileges
- Listing the Contents of the Rights Profiles Database
- Listing the Content of the Authorizations Database
- Changing the root User Into the root Role
- ipadm set-prop commandHow to Lock Down the MySQL Service
- ppriv command
- Listing the Privileges in Your Current Shell
- Listing the Privileges in Your Current Shell
- profiles command
- Modifying a Rights Profile to Enable a User to Use Own Password for Role
Password
- Creating and Assigning a Role to Administer Cryptographic Services
- rights defaultsListing Rights and Their Definitions
- rolemod commandAssigning Privileges Directly to a Role
- roles commandListing Your Assigned Roles
- sudo commandDeciding Which Rights Model to Use for Administration
- svccfg command
- How to Troubleshoot Rights Assignments
- How to Apply Extended Privilege Policy to a Port
- svcprop commandHow to Lock Down the MySQL Service
- useradm commandListing a Local User's Rights
- usermod commandAssigning Privileges Directly to a User
- your assigned administrative rightsUsing Your Assigned Administrative Rights
V
- verifying
- access to labeled file systemsHow to Verify User Access to Labeled Files
- viewing Seedisplaying
- contents of rights profilesViewing the Contents of Rights Profiles
- directly assigned privilegesAssigning Privileges Directly to a User
- privileges in a shell
- Listing the Privileges in Your Current Shell
- Adding to a Role's Basic Privileges
- privileges on a processListing the Privileges in Your Current Shell
- rights of initial userListing Rights and Their Definitions
- your rightsListing Rights and Their Definitions
- VSCAN Management rights profile
- cloning to modifyCloning and Removing Selected Rights From a Rights Profile
W
- WARNDAYS security attributePassword Security Attributes in Files and SMF
- WARNWEEKS security attributePassword Security Attributes in Files and SMF
- web browsers
- assigning limited privilegesRunning a Browser in a Protected Environment
- web servers
- Apache HTTP ServerHow to Assign Specific Privileges to the Apache HTTP Server
- checking protectionsHow to Determine Which Privileges the Apache HTTP Server Is Using
- protecting with extended privilegesHow to Assign Specific Privileges to the Apache HTTP Server
- WHITESPACE security attributePassword Security Attributes in Files and SMF
- wildcard characters
- in authorizationsAuthorization Naming Conventions
Z
- zone.max-locked-memory resource controlPrivileges and Resource Management