New commands can be added to run during boot in the following ways:
In the /etc/inittab file.
See the inittab(4) man page and "Adding Commands to the inittab File".
In scripts in the /etc/init.d (linked to /etc/rcn.d) directory.
See the init.d(4) man page. and "Adding Commands to /etc/init.d Scripts". Solaris behavior is described in "Run Control Scripts" in the System Administration Guide, Volume I.
In the /etc/inet/inetd.conf file.
See the inetd.conf(4) man page and "Adding Services to the inet Daemon".
Unless other attributes are explicitly configured, commands run from the inittab or from scripts in /etc/init.d during the boot process have a label and clearance of ADMIN_LOW
, a real and effective UID and GID of
0, and no privileges. If commands added into one of the files in the previous list need non-default security attributes, the commands must be added to local rights profiles. The Rights tool should be launched from a toolbox with the Files scope on the computer whose local files have been modified. Profiles
defined on a naming service master are not going to be available to the boot programs on a naming service client.
Make the changes to the inittab(4) file, and then add the commands to the boot profile. For example, if a script in /usr/local/bin named mysite needs to run with real UID of root, the Security Administrator role does the following:
Uses the Admin Editor to add an entry for the mysite script to /etc/inittab:
lo:234:respawn:/usr/local/bin/mysite |
Uses the Rights tool with the Files scope to add the script /usr/local/bin/mysite to the boot rights profile with a real UID of 0.
See "To Add Commands to the /etc/inittab File".
In the default Trusted Solaris environment, the /etc/init.d scripts are modified to use the system shell, sysh(1M), instead of the Bourne shell, sh(1) when the service being started requires explicit privileges or other non-default security attributes that are defined in the boot profile. In the default boot scripts, /bin/sysh is used without the name of a profile argument because if no profile is specified, the system shell looks at the boot profile by default.
Do not modify the commands already specified in the boot profile or modify the default /etc/init.d scripts. You can either add new scripts or change only scripts that may be added when a new application imported to the system.
When additional commands need to run during boot with non-default security attributes, the Security Administrator role specifies the commands with the needed attributes either by creating a new boot-time rights profile or by modifying the existing boot profile using the SMC Rights tool.
The role also needs do one of the following in /etc/init.d: modify an existing shell script, or create a new shell script so that the script starts with #!/sbin/sysh as the first line.
See the README in the /etc/init.d directory and in each /etc/rcn.d directory for guidelines about the numbering of the scripts that start system services.
As shown in the following example, a system shell boot script has #!/sbin/sysh as the first line. If the Security Administrator role has added the needed commands into the boot profile, there is no need to specify a profile name. If the Security Administrator role has created a new boot profile, the second line has the setprof argument followed by the name of the local_boot_profile.
#!/sbin/sysh setprof local_boot_profile |
For example, if a command needs a process label other than ADMIN_LOW
, the profile needs to specify the label and if the command needs a UID of root, the profile needs to specify the required UID. See "To Run rc Scripts With Security Attributes".
Stopping or starting boot scripts in a Trusted Solaris environment requires privileges, so the script must be executed by the System Administrator Role in an administrative role workspace with the trusted path attribute, and the script's name must be in one of the account's rights profiles.
The toolbox from which the Rights tool is invoked should be running with the local FIles scope on the computer where the script is added to the /etc/init.d.
Services started by inetd(1M) run with the label and clearance of the client. inetd also runs with other attributes of the client if the following are specified in inetd.conf(4):
If the uid field has the keyword CLIENT, the services start with the client's UID, GID, primary and any secondary groups.
If the wait-status field contains the setaudit flag, the services are started with the client's audit characteristics.
In addition:
If the wait-status field contains the trusted flag, the trusted path attribute is available to the service.
The Security Administrator can specify privileges and a label range by adding the service to the inetd rights profile and assigning the service the desired privileges and a label range.
If an entry in the inetd profile assigns privileges to the service, the service inherits the specified privileges.
If an entry in the inetd profile specifies minimum and maximum labels, inetd verifies that the label of the client is within the specified label range. If the label of the client is not the label range, the service is not executed.