The Trusted Solaris environment provides a set of predefined rights profiles (see the following table). Before you assign any of these rights profiles, you should familiarize yourself with their contents. To view the contents of predefined rights profiles, use the -list option of the smprofile command (see "Displaying Rights Profile Information") or the Rights dialog box. The profiles can be modified according to the needs of your organization.
Table 1-2 Rights Profile Descriptions
| Rights Profile | Purpose |
|---|---|
| | Provides access to all executables but without privileges. |
| All Actions | Provides access to all actions but without privileges. |
| | Provides all authorizations (for testing). |
| All Commands | Provides access to all commands but without privileges. |
| | For managing the audit subsystem but without the ability to read files. |
| | For reading the audit trail. |
| | Provides access to the applications on the Front Panel with the necessary privileges. |
| | Provides access to basic commands necessary for all roles. |
| Basic Solaris User | Assigned to all users of the Solaris Management Console. Provides Read permissions and lets users add cron jobs to their crontab files. Contains the All rights profile. |
| | Provides authorizations for normal users. |
| | For managing cron and at jobs. |
| | An empty right for adding security attributes to the default Admin role. |
| | An empty right for adding security attributes to the default Oper role. |
| | An empty right for adding security attributes to the default Root role. |
| | An empty right for adding security attributes to the default Secadmin role. |
| Custom SSP | An empty right for adding security attributes to the default SSP role for Sun Enterprise™ 10000 administration. |
| Device Management | For allocating and deallocating devices, and correcting error conditions. |
| | For managing and configuring devices. |
| | Provides the authorization for allowing yourself and other users to log in after boot. |
| | For managing file systems. |
| | For managing file system labels and other security attributes. |
| Information Security | For setting access control policy. |
| | For configuring sendmail, modifying aliases, and checking mail queues. |
| | Provides commands needed to maintain or repair a system. |
| | For backing up files. |
| | Restore files from backup. |
| Name Service Management | Grants right to control the name service daemon. |
| Name Service Security | Grants right to control the name service properties and table data. |
| | For managing the host and network configuration. |
| Network Security | For managing network and host security, with authorizations for modifying trusted network databases. |
| | For changing ownership and permissions on files. |
| | For changing labels of files and setting up system-wide labels. |
| | For changing privileges on executable files. |
| | For operating outside system accreditation range. |
| Primary Administrator | Contains subordinate rights profiles for primary administrator role. |
| | For developers to run Bourne, Korn, and C shells with all privileges. Not intended for secure environments. |
| | For managing current processes, including cron and at jobs. |
| Remote Administration | For remote administration of headless systems. |
| Rights Delegation | Lets user or role assign rights assigned to that user or role to other users or roles. Lets user assign roles assigned to that user to other users. |
| Rights Security | For managing assignment of rights profiles, labels, and privileges, and for setting account security. |
| Software Installation | For adding application software to the system. |
| SSP Administration | Tools for administering the SSP. |
| SSP Installation | Tools for installing the SSP. |
| System Administrator | Contains subordinate rights profiles for system administrator role. |
| | For creating and modifying users but without the ability to modify self (as a security measure). |
| | For creating and modifying users' security attributes but without the ability to modify self (as a security measure). |