This section describes new security features.
Many system files and directories in this Solaris release have different default ownership and stricter permissions than in previous releases. The default ownership and permissions changes are:
Default file and directory ownership has been changed from bin to root.
Files and directories previously having default permissions of 775 now have default permissions of 755.
Files and directories previously having default permissions of 664 now have default permissions of 644.
The default umask of the system is 022.
Keep the following in mind when creating a package to be added to a system running the Solaris 8 release:
All files and directories must have root as the default owner.
Directories and executables must have default permissions of 555 or 755.
Ordinary files must have default permissions of 644 or 444.
Files with setuid and/or setgid ownership cannot be writable by the owner, unless the owner is root.
These changes do not apply to all files and directories in this release; for example, the changes do not apply to OpenWindows or CDE files and directories.
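The packaging rules above can be checked mechanically before a package is built. The following is an added example, not code from the Solaris documentation: it audits entries in the six-field `ftype class path mode owner group` layout of a prototype(4) file. The function names, the `EXMPpkg` paths, and the sample entries are constructed for illustration, and treating any file with an execute bit as an "executable" is an assumption.

```python
# Added example: audit prototype(4)-style entries against the packaging rules above.
DIR_TYPES = {"d", "x"}         # directory entries
FILE_TYPES = {"f", "e", "v"}   # regular-file entries

# Constructed sample entries: ftype class path mode owner group
SAMPLE = """\
d none /opt/EXMPpkg 0755 root sys
d none /opt/EXMPpkg/bin 0775 root bin
f none /opt/EXMPpkg/bin/tool 0555 root bin
f none /opt/EXMPpkg/bin/helper 4755 bin bin
f none /opt/EXMPpkg/etc/tool.conf 0664 bin bin
f none /opt/EXMPpkg/etc/readme 0444 root sys
"""

def check_entry(line):
    """Return the rule violations for one prototype entry (empty list if none)."""
    fields = line.split()
    if len(fields) != 6 or fields[0] not in DIR_TYPES | FILE_TYPES:
        return []  # comments, links, info files: not covered by these rules
    ftype, _cls, _path, mode_s, owner, _group = fields
    try:
        mode = int(mode_s, 8)
    except ValueError:
        return ["mode %r is not octal, cannot check" % mode_s]
    perm = mode & 0o777
    problems = []
    if owner != "root":
        problems.append("owner is %s, not root" % owner)
    # Assumption: any execute bit on a regular file makes it an "executable".
    if ftype in DIR_TYPES or perm & 0o111:
        allowed, kind = (0o555, 0o755), "directory/executable"
    else:
        allowed, kind = (0o444, 0o644), "ordinary file"
    if perm not in allowed:
        want = " or ".join("%03o" % m for m in allowed)
        problems.append("%s mode %03o, expected %s" % (kind, perm, want))
    if mode & 0o6000 and perm & 0o200 and owner != "root":
        problems.append("setuid/setgid file writable by non-root owner")
    return problems

def audit(text):
    """Map each offending path to its list of violations."""
    report = {}
    for line in text.splitlines():
        problems = check_entry(line)
        if problems:
            report[line.split()[2]] = problems
    return report

if __name__ == "__main__":
    for path, problems in audit(SAMPLE).items():
        print(path, "->", "; ".join(problems))
```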
Role-based access control (RBAC) provides a flexible way to package superuser privileges for assignment to user accounts, so that you don't have to give all superuser privileges to a user who needs to solve a specific problem.
See Chapter 19, Role-Based Access Control for more information.
This feature provides the Kerberos V5 client-side infrastructure, an addition to the Pluggable Authentication Module (PAM), and utility programs that can be used to secure RPC-based applications, such as the NFS service. Kerberos provides selectable strong user- or server-level authentication, integrity, or privacy support. The Kerberos clients can be used in conjunction with Sun Enterprise Authentication Mechanism (SEAM), a part of SEAS 3.0, or other Kerberos V5 software (for instance, the MIT distribution) to create a complete single network sign-on solution.
See Chapter 21, SEAM Overview for more information.