Oracle Solaris 11.1 Administration: Security Services, Oracle Solaris 11.1 Information Library
A user or role can be assigned security attributes directly or through a rights profile. The order of search affects which security attribute value is used. The value of the first found instance of the attribute is used.
Note - The order of authorizations is not important. Authorizations are cumulative.
When a user logs in, security attributes are assigned in the following search order:
Security attributes that are assigned to the user with the useradd and usermod commands. For a list, see user_attr Database.
Rights profiles that are assigned to the user with the useradd and usermod commands. These assignments are searched in order.
The order is the first profile in the list, then its list of rights profiles, then the second profile in the list, then its list of profiles, and so on. The first instance of a value is the one that the system uses, except for auths values, which are cumulative. The attributes in rights profiles include all the security attributes for users, plus supplementary profiles. For a list, see user_attr Database.
Console User rights profile value. For a description, see Rights Profiles.
If the Stop rights profile is assigned, the evaluation of security attributes stops. No attributes are assigned after the Stop profile is assigned. The Stop profile is evaluated after the Console User rights profile and before the other security attributes in the policy.conf file, including AUTHS_GRANTED. For a description, see Rights Profiles.
Basic Solaris User rights profile value in the policy.conf file.
AUTHS_GRANTED value in the policy.conf file.
PROFS_GRANTED value in the policy.conf file.
PRIV_DEFAULT value in the policy.conf file.
PRIV_LIMIT value in the policy.conf file.
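
The search order above, modeled as an added Python example (not Oracle code and not part of the original page), shows which source supplies each effective attribute and how the Stop profile cuts off the policy.conf values. The profile names other than Console User, Stop and Basic Solaris User, and all authorization names, are constructed. Mapping PRIV_DEFAULT and PRIV_LIMIT to defaultpriv and limitpriv, and treating Stop as present anywhere among the user's assigned profiles, are assumptions of the model.

```python
# Simplified model of the search order described on this page (added example).
def expand(names, profile_db, seen):
    """Yield each profile, then its supplementary profiles, then the next profile."""
    for name in names:
        if name not in seen:
            seen.add(name)
            yield name
            yield from expand(profile_db.get(name, {}).get("profiles", []), profile_db, seen)

def resolve(user_attrs, user_profiles, profile_db, policy):
    """Return {attribute: (value, source)} plus the cumulative 'auths' list."""
    assigned = list(expand(user_profiles, profile_db, set()))
    sources = [("user", user_attrs)]
    sources += [(p, profile_db.get(p, {})) for p in assigned]
    sources.append(("Console User", profile_db.get("Console User", {})))
    if "Stop" not in assigned:  # Stop ends evaluation before the policy.conf values
        sources.append(("Basic Solaris User", profile_db.get("Basic Solaris User", {})))
        sources.append(("AUTHS_GRANTED", {"auths": policy.get("AUTHS_GRANTED", [])}))
        sources += [(p, profile_db.get(p, {})) for p in
                    expand(policy.get("PROFS_GRANTED", []), profile_db, set(assigned))]
        # Assumption: PRIV_DEFAULT and PRIV_LIMIT supply defaultpriv and limitpriv.
        sources.append(("PRIV_DEFAULT", {"defaultpriv": policy["PRIV_DEFAULT"]}))
        sources.append(("PRIV_LIMIT", {"limitpriv": policy["PRIV_LIMIT"]}))
    effective, auths = {}, []
    for source, attrs in sources:
        for key, value in attrs.items():
            if key == "auths":  # authorizations are cumulative, order does not matter
                auths += [a for a in value if a not in auths]
            elif key != "profiles" and key not in effective:
                effective[key] = (value, source)  # first found instance wins
    effective["auths"] = auths
    return effective

# Constructed sample data: "Example ..." profiles and "example.auth.*" names are hypothetical.
PROFILE_DB = {
    "Example Operator": {"auths": ["example.auth.op"], "defaultpriv": "basic,file_dac_read",
                         "profiles": ["Example Helper"]},
    "Example Helper": {"limitpriv": "basic", "lock_after_retries": "yes"},
    "Example Audit": {"auths": ["example.auth.audit"], "defaultpriv": "basic,sys_audit"},
    "Console User": {"auths": ["example.auth.console"]},
    "Basic Solaris User": {"auths": ["example.auth.basic"]},
}
POLICY = {"AUTHS_GRANTED": ["example.auth.granted"], "PROFS_GRANTED": [],
          "PRIV_DEFAULT": "basic", "PRIV_LIMIT": "all"}
USER = {"auths": ["example.auth.user"], "lock_after_retries": "no"}

if __name__ == "__main__":
    for profiles in (["Example Operator", "Example Audit"], ["Example Operator", "Stop"]):
        print(profiles, resolve(USER, profiles, PROFILE_DB, POLICY))
```

Recording the source beside each value makes it easy to audit why a user ended up with a given defaultpriv or limitpriv, and to confirm that an account carrying Stop inherits nothing from policy.conf.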