System Administration Guide: Security Services

Commands That Require Authorizations

The following table provides examples of how authorizations are used to limit command options in the Solaris environment. See also Authorizations.

Table 7–8 Commands and Associated Authorizations

Commands 

Authorization Requirements 

at(1)

solaris.jobs.user required for all options (when neither at.allow nor at.deny files exist)

atq(1)

solaris.jobs.admin required for all options

crontab(1)

solaris.jobs.user required for the option to submit a job (when neither crontab.allow nor crontab.deny files exist)

solaris.jobs.admin required for the options to list or modify other users' crontab files

allocate(1) (with BSM enabled only)

solaris.device.allocate (or other authorization as specified in device_allocate(4)) required to allocate a device.

solaris.device.revoke (or other authorization as specified in device_allocate file) required to allocate a device to another user (-F option)

deallocate(1) (with BSM enabled only)

solaris.device.allocate (or other authorization as specified in device_allocate(4)) required to deallocate another user's device.

solaris.device.revoke (or other authorization as specified in device_allocate) required to force deallocation of the specified device (-F option) or all devices (-I option)

list_devices(1) (with BSM enabled only)

solaris.device.revoke required to list another user's devices (-U option)