Privileged Applications and RBAC
Applications and commands that can override system controls are considered privileged applications. Security attributes such as UID=0, privileges, and authorizations make an application privileged.
Applications That Check UIDs and GIDs
Privileged applications that check for root (UID=0) or some other special UID or GID have long existed in the UNIX environment. The rights profile mechanism enables you to isolate commands that require a specific ID. Instead of changing the ID on a command that anyone can access, you can place the command with execution security attributes in a rights profile. A user or role with that rights profile can then run the program without having to become superuser.
IDs can be specified as real or effective. Assigning effective IDs is preferred over assigning real IDs. Effective IDs are equivalent to the setuid feature in the file permission bits. Effective IDs also identify the UID for auditing. However, because some shell scripts and programs require a real UID of root, real UIDs can be set as well. For example, the pkgadd command requires a real rather than an effective UID. If an effective ID is not sufficient to run a command, you need to change the ID to a real ID. For the procedure, see How to Create or Change a Rights Profile.
Applications That Check for Privileges
Privileged applications can check for the use of privileges. The RBAC rights profile mechanism enables you to specify the privileges for specific commands. Instead of requiring superuser capabilities to use an application or command, you can isolate the command with execution security attributes in a rights profile. A user or role with that rights profile can then run the command with just the privileges that the command requires to succeed.
Commands that check for privileges include the following:
-
Kerberos commands, such as kadmin, kprop, and kdb5_util
-
Network commands, such as ifconfig, routeadm, and snoop
-
File and file system commands, such as chmod, chgrp, and mount
-
Commands that control processes, such as kill, pcred, and rcapadm
To add commands with privileges to a rights profile, see How to Create or Change a Rights Profile. To determine what commands check for privileges in a particular profile, see Determining Your Assigned Privileges.
Applications That Check Authorizations
The Solaris OS additionally provides commands that check authorizations. By definition, the root user has all authorizations. Therefore, the root user can run any application. Applications that check for authorizations include the following:
-
The entire Solaris Management Console suite of tools
-
Audit administration commands, such as auditconfig and auditreduce
-
Printer administration commands, such as lpadmin and lpfilter
-
The batch job-related commands, such as at, atq, batch, and crontab
-
Device-oriented commands, such as allocate, deallocate, list_devices, and cdrw.
To test a script or program for authorizations, see Example 9–24. To write a program that requires authorizations, see About Authorizations in Oracle Solaris Security for Developers Guide.
- © 2010, Oracle Corporation and/or its affiliates