Security Enhancements

This section describes new features in the Solaris 8 operating environment that affect system security and file system and directory ownership.

Solaris Smart Cards

The Solaris Smart Card feature implements the Open Card Framework (OCF) 1.1 standard. Security administrators can use this technology to protect a computer desktop or individual application by requiring users to authenticate themselves by means of a smart card. Each host to be secured by Solaris Smart Cards requires a card reader. To gain access to secured desktops or applications, users first insert their smart cards into the readers and then type the PINs for their cards. Host machines use the PINs and the users' passwords embedded on their cards to verify that users are whom they claim to be.

Solaris Smart Cards supports two external card readers, the Sun Smart Card Reader I and the iButton Reader. Three smart cards are supported, the Java-based iButton and Cyberflex cards, and the Payflex smart card.

The Solaris Smart Cards Administration Guide tells security administrators how to set up smart card support for their sites. It also introduces users to the smart cards technology.

Default File System and Directory Permissions

Many system files and directories in the Solaris 8 release have different default ownership and stricter permissions than in previous releases. The default ownership and permissions changes are:

• Default file and directory ownership has been changed from bin to root

• Files and directories previously with default permissions of 775 now have default permissions of 755

• Files and directories previously with default permissions of 664 now have default permissions of 644

• Default umask of the system is 022

Keep the following in mind when creating a package to be added to a system running the Solaris 8 release:

• All files and directories must have root as the default owner

• Directories and executables must have default permissions of 555 or 755

• Ordinary files must have default permissions of 644 or 444

• set-uid and set-gid files cannot be writable by the owner, unless the owner is root

These changes do not apply to all files and directories in this release; for example, the changes do not apply to OpenWindows or CDE files and directories.

Role-Based Access Control

Traditional superuser-based systems grant full superuser powers to anyone who can become superuser. With role-based access control (RBAC) in the Solaris 8 operating environment, administrators can assign limited administrative capabilities to normal users. This is achieved through three new features:

• Authorizations -- user rights that grant access to a restricted function

• Execution profiles -- bundling mechanisms for grouping authorizations and commands with special attributes, typically superuser ID

• Roles -- special types of user accounts intended for performing a set of administrative tasks

The administrator creates an execution profile containing authorizations and privileged commands for a specific task or set of tasks. That profile can be assigned directly to a user or to a role. Roles, in turn, are assigned to users. To gain access to a role, a user with the assigned role executes the su command. Roles have the advantage of being shared accounts that do not need to be updated when individual responsibilities change. The following new files support RBAC:

• /etc/user_attr -- stores extended security attributes related to users and roles

• /etc/security/auth_attr -- lists and describes authorizations

• /etc/security/prof_attr -- lists execution profiles and associated authorizations

• /etc/security/exec_attr -- associates execution attributes with execution profiles

• /etc/security/policy.conf -- provides the security policy configuration for user-level attributes

For more information, see System Administration Guide, Volume 2

Centralized Administration of User Audit Events

The file, /etc/security/audit_user, which stores audit preselection classes for users and roles, is now supported in the name switch. It is no longer necessary to set up the audit events for a user on each system to which the user has access.

Sun Enterprise Authentication Mechanism (Kerberos V5) Client Support

This feature provides the Kerberos V5 client-side infrastructure, an addition to the Pluggable Authentication Module (PAM), and utility programs that can be used to secure RPC based applications, such as the NFS service. Kerberos provides selectable strong user or server level authentication, integrity, or privacy support. The Kerberos clients can be used in conjunction with Sun Enterprise Authentication Mechanism (SEAM) (a part of SEAS 3.0) or other Kerberos V5 software (for instance, the MIT distribution) to create a complete single network sign-on solution.

For more information, see the System Administration Guide, Volume 2.