/etc/security/tsol/tsolprof
The tsolprof database specifies security attributes associated with profiles. A profile is a logical grouping of authorizations, commands, and actions, which is interpreted by dtwm(1) and pfsh(1M) to form a secure execution environment. Each user or role account is assigned zero or more profiles in the tsoluser(4) database file.
tsolprof can be used with other profile sources, namely the NIS+ table tsolprof. Programs use the getprofent(3) routines to gain access to this information.
Administrators can modify tsolprof and should do so only through the Profile Manager application, which is accessible through solstice(1M). Editing the file directly, such as through a text editor, is strongly discouraged.
Each entry in the tsolprof database consists of one line of text containing seven colon-separated fields; the first five carry the substance of the profile: the profile name, a short description of its use, a list of authorizations, a list of permitted actions, and a list of permitted commands. Line continuations and comments are not allowed. The basic format of each entry is:
profile:description:authorizations:actions:commands:links:flags
The fields of each entry are:

profile
    The name of the profile. If this field contains a caret (^), the entry is interpreted as a continuation of another profile entry.

description
    Descriptive text. The field should explain why a user might be assigned the profile.

authorizations
    A comma-separated list of authorization numbers or names; or the keyword all or none.

actions
    Zero or more semicolon-separated sets of action information; or the keyword none, which indicates that execution of actions is not permitted. A set of action information is specified in the form:

    actname;argclass;argtype;argmode;argcount;privs;euid;egid;min;max[;...]

    actname
        The name of the action as defined by CDE. This field also accepts the asterisk (*), indicating that all actions executed will gain any specified privileges, UID, and GID, and be restricted by the given label range. When the asterisk is used, the next four fields (argclass, argtype, argmode, and argcount) are not interpreted.

    argclass
        The argument class (for example, FILE or SESSION).

    min
        The minimum label at which the user must operate in order to execute the action.

    max
        The maximum label at which the user must operate in order to execute the action.

    To specify another action, place a semicolon after the max field of the current action and repeat the required information for the next action.

commands
    Zero or more semicolon-separated sets of command information; or the keyword none, indicating that no commands are allowed. Each set of command information is specified in the form:

    dir;filename;privs;euid;egid;min;max[;...]

    dir
        An absolute path to the directory containing the subsequent file names; or the at symbol (@), indicating that the entry applies to the previous dir; or an asterisk (*), indicating that all commands executed should have the privileges, UID, and GID specified, and should be restricted by the given label range. The first dir entry must be an absolute path. When the asterisk is used, the next field (filename) is not interpreted.

    filename
        The name of the file to which the subsequent attributes apply when the file is executed.

    privs
        A comma-separated list of privilege numbers that make up the effective privileges when the command is executed. The keyword all selects all privileges.

    euid, egid
        Similar to the setuid and setgid bits on a file: the effective user ID and group ID the command runs with.

    min
        The minimum label at which the user must operate in order to execute the command.

    max
        The maximum label at which the user must operate in order to execute the command.

links
    The number of tsolprof entries that make up the profile (in most cases, 1). A value greater than 1 is used to build a profile with more than 8000 bytes of data, spreading it over continuation entries (those whose profile field carries a caret).

flags
    Reserved for future use. It contains the keyword none.
See attributes(5) for descriptions of the following attributes:
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|---|---|
| Availability | SUNWtsr |
For the sake of clarity on this man page, examples are shown using a continuation character (\). In the database file, however, the backslash is not permitted because each entry is made on a single line.

```
All:Foundation. A Standard Solaris User.:none:\
*;*;*;*;*;;;;;:*;;;;;;:1:none
Custom Admin Role:Modify this profile to customize the admin\
role for your site.:none:TrustedEditor;*;*;*;*;4,5,6,43,44\
;;;;:/usr/dt/bin;trusted_edit;4,5,6,43,44;;;;:1:none
```
The All profile is noted as a "Foundation" profile, meaning that it is best used as the first profile assigned to a user. It happens to provide access to all commands and actions, but without any privileges, label restrictions, or the ability to set the UID or GID of the executed command or action.
The Custom Admin Role profile grants a user the dac_read (privilege number 4), dac_search (5), dac_write (6), proc_audit_appl (43), and proc_audit_tcb (44) privileges. With this profile a user can edit files. Both the TrustedEditor CDE action and the trusted_edit CDE command are assigned enough privilege to get past any discretionary file access restrictions and to write to the audit trail, which is necessary to record changes made to administrative files.
The maximum length of a single line in the profile database is TSOLPROF_MAX_NIS_ENT characters as defined in /etc/default/libtsoldb. The Profile Manager and the interfaces described in getprofent(3) are designed to transparently prevent an entry from exceeding this limit. If the limit is exceeded and the tsolprof database is loaded into NIS+, rpc.nisd(1M) may terminate and dump core.

Do not use the following symbols within a profile field: colon (:), semicolon (;), comma (,), caret (^), tab (\t), newline (\n), pound (#), or backslash (\).
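The following parser is an added example for this page and is not Trusted Solaris code: it does not call getprofent(3), it only follows the field layout given in DESCRIPTION and enforces the forbidden-character rule from WARNINGS. It splits an entry into its seven fields, chunks the actions and commands fields into ten- and seven-subfield records, resolves the @ and * shorthands in dir, and rejects entries that contain banned characters, use @ before any absolute directory, or have a subfield count that is not a multiple of the record size. The two entries from EXAMPLES are embedded with their man-page continuation backslashes removed; the third entry (Audit Review) is constructed to exercise the @ shorthand. The names parse_entry, privileges_for, is_valid_entry and the MAX_ENTRY constant are this example's own; 8000 is an assumed stand-in for TSOLPROF_MAX_NIS_ENT, whose real value lives in /etc/default/libtsoldb.

```python
"""Parser and validator for tsolprof(4) entries (added example, not Trusted Solaris code)."""
from dataclasses import dataclass
from typing import List, Optional, Union

FORBIDDEN = set(":;,^\t\n#\\")   # characters the WARNINGS section bans inside a field
MAX_ENTRY = 8000                  # assumed stand-in for TSOLPROF_MAX_NIS_ENT
ACTION_KEYS = ("actname", "argclass", "argtype", "argmode", "argcount",
               "privs", "euid", "egid", "min", "max")
COMMAND_KEYS = ("dir", "filename", "privs", "euid", "egid", "min", "max")


@dataclass
class Profile:
    name: str
    description: str
    authorizations: Union[str, List[str]]   # "all", or a list (empty for "none")
    actions: List[dict]
    commands: List[dict]
    links: int
    flags: str
    continuation: bool                      # profile field carried a caret (^)


def _check(token: str) -> str:
    """Reject any leaf token that contains a banned character."""
    bad = FORBIDDEN & set(token)
    if bad:
        raise ValueError(f"forbidden character {sorted(bad)} in {token!r}")
    return token


def _privs(text: str) -> Union[str, List[int]]:
    """Privilege numbers as ints; the keyword all is kept as the string 'all'."""
    if text == "all":
        return "all"
    return [int(_check(p)) for p in text.split(",")] if text else []


def _chunks(text: str, keys) -> List[dict]:
    """Split a flat ';'-separated field into records of len(keys) subfields each."""
    if text in ("", "none"):
        return []
    parts = text.split(";")
    if len(parts) % len(keys):
        raise ValueError(f"{len(parts)} subfields is not a multiple of {len(keys)}")
    recs = []
    for i in range(0, len(parts), len(keys)):
        rec = dict(zip(keys, parts[i:i + len(keys)]))
        for k, v in rec.items():
            if k != "privs":
                _check(v)
        rec["privs"] = _privs(rec["privs"])
        recs.append(rec)
    return recs


def _actions(text: str) -> List[dict]:
    acts = _chunks(text, ACTION_KEYS)
    for a in acts:
        if a["actname"] == "*":           # wildcard: next four subfields are not interpreted
            for k in ("argclass", "argtype", "argmode", "argcount"):
                a[k] = None
    return acts


def _commands(text: str) -> List[dict]:
    cmds = _chunks(text, COMMAND_KEYS)
    prev: Optional[str] = None
    for c in cmds:
        d = c["dir"]
        if d == "@":                      # reuse the previous absolute dir
            if prev is None:
                raise ValueError("'@' used before any absolute dir")
            c["dir"] = prev
        elif d == "*":                    # wildcard: filename is not interpreted
            c["filename"] = None
        elif d.startswith("/"):
            prev = d
        else:
            raise ValueError(f"dir must be absolute, '@' or '*': {d!r}")
    return cmds


def parse_entry(line: str) -> Profile:
    """Parse one tsolprof line; raises ValueError on any format violation."""
    if len(line) > MAX_ENTRY:
        raise ValueError("entry exceeds MAX_ENTRY")
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError(f"expected 7 ':'-separated fields, got {len(fields)}")
    name, desc, auths, actions, commands, links, flags = fields
    continuation = "^" in name
    _check(name.replace("^", ""))
    _check(desc)
    if auths == "all":
        auth_list: Union[str, List[str]] = "all"
    elif auths in ("", "none"):
        auth_list = []
    else:
        auth_list = [_check(a) for a in auths.split(",")]
    if flags != "none":
        raise ValueError("flags is reserved and must be 'none'")
    return Profile(name, desc, auth_list, _actions(actions), _commands(commands),
                   int(links), flags, continuation)


def privileges_for(profile: Profile, path: str) -> Optional[dict]:
    """First command record in the profile that governs executing path, or None."""
    d, _, f = path.rpartition("/")
    for c in profile.commands:
        if c["dir"] == "*" or (c["dir"] == d and c["filename"] == f):
            return c
    return None


def is_valid_entry(line: str) -> bool:
    try:
        parse_entry(line)
        return True
    except ValueError:
        return False


SAMPLE = [
    # the two EXAMPLES entries, continuation backslashes removed
    "All:Foundation. A Standard Solaris User.:none:*;*;*;*;*;;;;;:*;;;;;;:1:none",
    "Custom Admin Role:Modify this profile to customize the admin role for your site."
    ":none:TrustedEditor;*;*;*;*;4,5,6,43,44;;;;:/usr/dt/bin;trusted_edit;4,5,6,43,44;;;;:1:none",
    # constructed entry (not from the page): '@' reuses /usr/sbin for praudit
    "Audit Review:Constructed entry showing the @ shorthand.:none:none"
    ":/usr/sbin;auditreduce;43,44;;;;;@;praudit;43,44;;;;:1:none",
]

if __name__ == "__main__":
    for line in SAMPLE:
        p = parse_entry(line)
        print(p.name, [(c["dir"], c["filename"], c["privs"]) for c in p.commands])
    print(privileges_for(parse_entry(SAMPLE[1]), "/usr/dt/bin/trusted_edit"))
```

The page does not say in which order pfsh(1M) consults a user's several profiles, so privileges_for looks at one profile at a time rather than guessing a precedence across profiles.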