Planning User Security
The software ships with reasonable security defaults for users. The security defaults are listed in the two files listed in the following table. Where two values are listed, the first value is the default. The security administrator can modify these defaults to reflect the site's security policy. After the security administrator has set the defaults, the system administrator can create all the users, who will inherit the established defaults. See the label_encodings(4) and policy.conf(4) man pages for descriptions of the keywords and values.
The system administrator can set up a standard user template that will set appropriate system defaults for users. For example, by default each user's initial shell is a Bourne shell. The system administrator can set up a template that gives each user a C shell by default. See the Solaris Management Console online help for User Accounts for more information.
Table 1-1 Trusted Solaris Security Defaults for User Accounts|
File name |
Keyword |
Value |
|---|---|---|
|
/etc/security/policy.conf |
IDLECMD |
lock | logout |
|
|
IDLETIME |
30 |
|
|
LABELVIEW |
showsl | hidesl |
|
|
LOCK_AFTER_RETRIES |
yes | no |
|
|
PASSWORD |
manual | auto |
|
|
PROFS_GRANTED |
Basic Solaris User |
|
LOCAL DEFINITIONS section of /etc/security/tsol/label_encodings |
Default User Clearance |
c |
|
Default User Sensitivity Label |
u |
|
|
|
Admin Low Name |
ADMIN_LOW |
|
|
Admin High Name |
ADMIN_HIGH |
|
|
Default Label View |
External | Internal |
- © 2010, Oracle Corporation and/or its affiliates