Commands That Require Authorizations (System Administration Guide: Security Services)

System Administration Guide: Security Services

Commands That Require Authorizations

The following table provides examples of how authorizations are used to limit command options in the Solaris environment. See also Authorizations.

Table 7–8 Commands and Associated Authorizations


Commands	Authorization Requirements
at(1)	`solaris.jobs.user` required for all options (when neither `at.allow` nor `at.deny` files exist)
atq(1)	`solaris.jobs.admin` required for all options
crontab(1)	`solaris.jobs.user` required for the option to submit a job (when neither `crontab.allow` nor `crontab.deny` files exist) `solaris.jobs.admin` required for the options to list or modify other users' `crontab` files
allocate(1) (with BSM enabled only)	`solaris.device.allocate` (or other authorization as specified in device_allocate(4)) required to allocate a device. `solaris.device.revoke` (or other authorization as specified in `device_allocate` file) required to allocate a device to another user (`-F` option)
deallocate(1) (with BSM enabled only)	`solaris.device.allocate` (or other authorization as specified in device_allocate(4)) required to deallocate another user's device. `solaris.device.revoke` (or other authorization as specified in `device_allocate`) required to force deallocation of the specified device (`-F` option) or all devices (`-I` option)
list_devices(1) (with BSM enabled only)	`solaris.device.revoke` required to list another user's devices (`-U` option)

© 2010, Oracle Corporation and/or its affiliates