Securing Users and Processes in Oracle® Solaris 11.2

Updated: July 2014

Basics of User and Process Rights

The terms unprivileged or without rights do not apply in Oracle Solaris. Every process in Oracle Solaris, including regular user processes, has at least some privileges or other user rights, such as authorizations. To learn about the basic set of privileges that Oracle Solaris grants to all UNIX processes, see Process Rights Management.

The following elements enforce user rights in Oracle Solaris. These rights can be configured to enforce either permissive or restrictive security policies.

  • Authorization – A permission that enables a user or role to perform a class of actions that require additional rights. For example, the default security policy gives console users the solaris.device.cdrw authorization. This authorization enables users to read and write to a CD-ROM device. For a list of authorizations, use the auths list command. Authorizations are enforced at the user application level, not in the kernel. See More About User Authorizations.

  • Privilege – A right that can be granted to a command, a user, a role, or a specific resource, such as a port or an SMF method. Privileges are implemented in the kernel. For example, the proc_exec privilege allows a process to call execve(). Regular users have basic privileges. To see your basic privileges, run the ppriv -vl basic command. For more information, see Process Rights Management.

  • Security attributes – An attribute that enables a process to perform an operation, or the implementation of a right. In a typical UNIX environment, a security attribute enables a process to perform an operation that is otherwise forbidden to regular users. For example, setuid and setgid programs have security attributes. In the rights model, authorizations and privileges are security attributes in addition to setuid and setgid programs. These attributes, or rights, can be assigned to a user. For example, a user with the solaris.device.allocate authorization can allocate a device for exclusive use. Privileges can be placed on a process. For example, a process with the file_flag_set privilege can set immutable, no-unlink, or append-only file attributes.

    Security attributes can also limit rights. For example, the access_times and access_tz security attributes set the days and times, and optionally the time zone, during which specific security-relevant operations are permitted. You can limit users directly or by assigning them an authenticated rights profile that contains these keywords. For more information, see the user_attr(4) man page.

  • Privileged application – An application or command that can override system controls by checking for rights. For more information, see Applications That Check for Rights and Developer’s Guide to Oracle Solaris 11 Security.

  • Rights profile – A collection of rights that can be assigned to a role or to a user. A rights profile can include authorizations, directly assigned privileges, commands with security attributes, and other rights profiles. Profiles that are within another profile are called supplementary rights profiles. Rights profiles offer a convenient way to group rights. They can be directly assigned to users or to special accounts called roles. You can use the commands in a rights profile only if your process recognizes rights. Additionally, you can be required to supply a password. Alternatively, password authentication can be supplied by default. See More About Rights Profiles.

  • Role – A special identity for running privileged applications. The special identity can be assumed by assigned users only. In a system that is run by roles, superuser can be unnecessary after initial configuration. See More About Roles.

The following figure shows how user rights and process rights work together.

Figure 1-2  User Rights and Process Rights Working Together

[Image: Graphic shows how a rights profile is assigned to a user in a role, who then has those rights.]

The following figure uses the Network Security role and the Network Security rights profile to demonstrate how assigned rights work.

Figure 1-3  Example of a User Rights and Process Rights Assignment

[Image: The following paragraphs describe the graphic.]

The Network Security role is used to manage IPsec, wifi, and network links. The role is assigned to the user jdoe, who assumes it by switching to the role and then supplying the role password. The administrator can instead enable the role to authenticate with the user's own password rather than a role password.

In the figure, the Network Security rights profile is assigned to the Network Security role. The Network Security rights profile contains three supplementary profiles that are evaluated in order: Network Wifi Security, Network Link Security, and Network IPsec Management. These supplementary profiles contain the rights that complete the role's primary tasks.

The Network Security rights profile has three directly assigned authorizations, no directly assigned privileges, and two commands with security attributes. The supplementary rights profiles have directly assigned authorizations, and two of them have commands with security attributes.

When jdoe assumes the Network Security role, the shell changes to a profile shell. The profile shell process can evaluate the use of rights, so jdoe can administer network security.
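The following Python script is an added example, not part of this guide or of Oracle Solaris, that models how the rights-profile hierarchy described above (the Rights profile element and the Network Security walk-through) resolves. It parses constructed records in the colon-separated prof_attr(4) and exec_attr(4) layouts, walks the supplementary profiles in the order they are listed, and collects the effective authorizations, privileges and commands with security attributes. The profile names mirror the figure; every authorization name, command path and privilege value below is a placeholder chosen to match the counts the text gives (three authorizations and two commands on Network Security, commands on two of the three supplementary profiles), not Oracle's shipped database. The first-match rule for commands (the first profile in evaluation order that names a command supplies its attributes) is the assumption this model makes about why ordering matters.

```python
"""Model of rights-profile resolution in prof_attr(4)/exec_attr(4) record form.

Added example only. Record layouts:
  prof_attr: profname:res1:res2:desc:attr
  exec_attr: name:policy:type:res1:res2:id:attr
where attr is key=value pairs separated by ';' and values separated by ','.
"""

# Constructed sample database. Authorization names, paths and privileges are
# placeholders; only the profile names follow the figure in the text.
PROF_ATTR = """\
Network Security:::Manage network and host security:auths=solaris.example.netsec.read,solaris.example.netsec.write,solaris.example.netsec.admin;profiles=Network Wifi Security,Network Link Security,Network IPsec Management
Network Wifi Security:::Manage wifi network security:auths=solaris.example.wifi.config
Network Link Security:::Manage link security:auths=solaris.example.link.config
Network IPsec Management:::Manage IPsec:auths=solaris.example.ipsec.config
"""

EXEC_ATTR = """\
Network Security:solaris:cmd:::/usr/sbin/example-netsec:privs=sys_ip_config
Network Security:solaris:cmd:::/usr/sbin/example-netstat:privs=net_observe
Network Wifi Security:solaris:cmd:::/usr/sbin/example-wifi:privs=net_rawaccess
Network IPsec Management:solaris:cmd:::/usr/sbin/example-ipsec:privs=sys_ip_config
Network IPsec Management:solaris:cmd:::/usr/sbin/example-netsec:privs=sys_ip_config,net_observe
"""


def parse_attr(field):
    """Split 'k=v1,v2;k2=v3' into {'k': ['v1', 'v2'], 'k2': ['v3']}."""
    attrs = {}
    for pair in field.split(";"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        attrs[key] = [v for v in value.split(",") if v]
    return attrs


def load_prof_attr(text):
    """Map profile name -> description plus parsed auths/privs/profiles lists."""
    profiles = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _res1, _res2, desc, attr = line.split(":", 4)
        profiles[name] = {"desc": desc, **parse_attr(attr)}
    return profiles


def load_exec_attr(text):
    """Return the command entries in file order; order within a profile is kept."""
    entries = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, policy, typ, _r1, _r2, ident, attr = line.split(":", 6)
        entries.append({"profile": name, "policy": policy, "type": typ,
                        "id": ident, **parse_attr(attr)})
    return entries


def evaluation_order(profiles, name, seen=None):
    """Depth-first walk: a profile, then each supplementary profile in listed order.

    A profile already seen (or unknown) is skipped, so a cycle cannot recurse forever."""
    seen = [] if seen is None else seen
    if name in seen or name not in profiles:
        return seen
    seen.append(name)
    for sub in profiles[name].get("profiles", []):
        evaluation_order(profiles, sub, seen)
    return seen


def effective_rights(profiles, name):
    """Union of authorizations and directly assigned privileges along the walk."""
    order = evaluation_order(profiles, name)
    auths, privs = [], []
    for p in order:
        for a in profiles[p].get("auths", []):
            if a not in auths:
                auths.append(a)
        for v in profiles[p].get("privs", []):
            if v not in privs:
                privs.append(v)
    return {"profiles": order, "auths": auths, "privs": privs}


def lookup_command(profiles, entries, name, path):
    """First exec_attr entry for `path` in evaluation order wins (assumed rule)."""
    for p in evaluation_order(profiles, name):
        for e in entries:
            if e["profile"] == p and e["id"] == path:
                return e
    return None


if __name__ == "__main__":
    profs = load_prof_attr(PROF_ATTR)
    cmds = load_exec_attr(EXEC_ATTR)
    rights = effective_rights(profs, "Network Security")
    print("evaluation order:", rights["profiles"])
    print("effective auths:", rights["auths"])
    print("directly assigned privs:", rights["privs"] or "none")
    for path in ("/usr/sbin/example-netsec", "/usr/sbin/example-ipsec", "/usr/sbin/unlisted"):
        hit = lookup_command(profs, cmds, "Network Security", path)
        print(path, "->", (hit["profile"], hit.get("privs")) if hit else "no entry")
```

Running the script shows the walk the figure describes: Network Security first, then its three supplementary profiles in the order written, six effective authorizations and no directly assigned privileges. The `/usr/sbin/example-netsec` lookup illustrates why order matters: both Network Security and Network IPsec Management list that path, and the entry from Network Security (the earlier profile) is the one returned.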