The user, rights profile, and authorization databases are now available in the Solaris environment. Therefore, Trusted Solaris 8 can manage the rights and authorizations for Solaris 8 clients as well as Trusted Solaris 8 clients. The Solaris environment changed the name execution profile to rights, or rights profile.
Profiles are administered through the Solaris Management Console. The Profile Manager is now the Rights tool, under Users (the User Manager). The Rights tool does not recognize symlinked commands.
Profiles are now hierarchical. Profiles can subsume other profiles, though they do not have to. Hierarchical profiles eliminate the need to enumerate all profiles assigned to a user or role.
The names and contents of profiles have changed. Most profiles have been reconfigured; some profiles have been eliminated.
Trusted Solaris extends the Solaris versions of the user, profile, and authorization databases to include CDE actions and Trusted Solaris security attributes, such as labels and new authorizations. The following table shows the new database names.
Table 1-6 Database Changes from Trusted Solaris 7 to Trusted Solaris 8
Trusted Solaris 7 Database |
Trusted Solaris 8 Man Page |
---|---|
/etc/security/tsol/tsolprof | |
/etc/security/tsol/tsoluser | |
/usr/lib/tsol/locale/C/auth_name | |
auth_desc man page |
SMC help for the Authorizations tab |