This section describes some typical rights profiles. Rights profiles are convenient collections of authorizations and other security attributes, commands with security attributes, and supplementary rights profiles. Oracle Solaris provides many rights profiles. If they are not sufficient for your needs, you can modify existing ones and create new ones.
Rights profiles must be assigned in order, from most to least powerful. For more information, see Order of Search for Assigned Rights.
To view the contents of the following rights profiles, see Viewing the Contents of Rights Profiles.
System Administrator rights profile – Provides access to most tasks that are not connected with security. This profile includes several other profiles to create a powerful role. Note that the All rights profile is assigned at the end of the list of supplementary rights profiles.
Basic Solaris User rights profile – Enables users to use the system within the bounds of security policy. This profile is the default users' rights profile. Note that the convenience that the Basic Solaris User rights profile provides must be balanced against site security requirements. Sites that need stricter security might prefer to remove this profile or assign the Stop rights profile. For the implementation of the Basic Solaris User rights profile, see Example 73, Listing the Commands With Security Attributes in Your Rights Profiles.
Stop rights profile – A special rights profile that stops the evaluation of later profiles. This profile also prevents the evaluation of the AUTHS_GRANTED, PROFS_GRANTED, and CONSOLE_USER security attributes. With the Stop profile, you can provide roles and users with a restricted profile shell.
The getent command enables you to view the contents of all of the rights profiles on the system. For sample output, see Listing Rights in Oracle Solaris.
The profiles -p "Profile Name" info command enables you to view the contents of a specific rights profile.
The profiles -l account-name command enables you to view the contents of the rights profiles that are assigned to a specific user or role.