In Oracle Solaris 11.4, you can set the default rights for a system in SMF.
In legacy systems, you edited files in the /etc directory. When you use SMF, properties of the account-policy indicate the current policies. The security policies are grouped into four stencils:
When you enable a stencil, you are then able to modify the security attributes that are in that stencil.
To enable the service and verify that it is in effect, run the following commands:
$ pfexec svcadm enable account-policy $ svcs account-policy STATE STIME FMRI online 0:10:00 svc:/system/account-policy:default
Then, you enable the security attribute to be changed and then change its value to your site policy.
$ pfbash svccfg -s account-policy \ setprop config/etc_security-stencil/disabled = boolean: false $ svccfg -s account-policy:default \ setprop security-stencil-group/property = [type:] value $ svcadm refresh account-policy
The rights that you can modify system-wide include the following:
Modifying System-Wide Privileges, Authorizations, and Rights Profiles
For a list of security attributes that you can modify system-wide, see Security Attributes in Files and Their Corresponding SMF Properties.