Go to main content

Securing Users and Processes in Oracle® Solaris 11.4

Exit Print View

Updated: November 2020

account-policy SMF Stencil

Enabling the account-policy service and specific security attributes is the preferred method of managing security attributes for your system. When the account-policy service is in effect, the databases that are described in this chapter might not reflect the current security policy.

Oracle Solaris loads but does not enable the account-policy SMF stencil at boot time. After you enable the account-policy service and enable the security attributes that your site security policy requires be different from the default, all system security attributes are SMF properties whose values can be viewed by the svcprop command. Security attributes that are enabled in the account-policy service can be modified.

Note -  The files that list security attributes, such as /etc/policy.conf and /etc/default/login, might no longer reflect existing security policy. Also, modifying the contents of those files has no effect on security policy.

The following command indicates whether the administrator has enabled the account-policy service and a particular property can be modified:

$ svcs account-policy
$ svcprop -p config/ -s account-policy 

online indicates that the service is enabled.

To display the value of a security attribute, use the following syntax:

$ svcprop -p property account-policy:default

For a list of security attributes in SMF and their corresponding names in the /etc files, see Security Attributes in Files and Their Corresponding SMF Properties man page.