Enabling the account-policy service and specific security attributes is the preferred method of managing security attributes for your system. When the account-policy service is in effect, the databases that are described in this chapter might not reflect the current security policy.
Oracle Solaris loads but does not enable the account-policy SMF stencil at boot time. After you enable the account-policy service and enable the security attributes that your site security policy requires to be different from the default, all system security attributes are SMF properties whose values can be viewed with the svcprop command. Security attributes that are enabled in the account-policy service can be modified.
The following commands indicate whether the administrator has enabled the account-policy service and whether a particular property can be modified:
$ svcs account-policy
$ svcprop -p config/ -s account-policy
online indicates that the service is enabled.
To display the value of a security attribute, use the following syntax:
$ svcprop -p property account-policy:default
For a list of security attributes in SMF and their corresponding names in the /etc files, see Security Attributes in Files and Their Corresponding SMF Properties man page.
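The following added example (not from the Oracle documentation) shows how an audit script can decide whether to read a security attribute from SMF or to review the /etc files instead, based on the state of the account-policy service. It assumes that svcs -H -o state prints only the state column; the function names are hypothetical, and the property name is supplied by the caller.

```shell
#!/bin/sh
# Added example: pick the authoritative source for a security attribute.
# Assumption: `svcs -H -o state account-policy` prints only the state,
# for example "online" or "disabled".
# Usage: . ./this-file; read_attr PROPERTY

# policy_source STATE
# Prints "smf" when the service is online (SMF properties hold the policy),
# "files" when it is disabled (the /etc databases still apply), and
# "unknown" for any other state, which needs manual review.
policy_source() {
    case "$1" in
        online)   echo smf ;;
        disabled) echo files ;;
        *)        echo unknown ;;
    esac
}

# read_attr PROPERTY
# Prints "<source> <value>" so an audit record shows where the value came from.
read_attr() {
    prop=$1
    state=$(svcs -H -o state account-policy 2>/dev/null | awk 'NR==1 {print $1}')
    src=$(policy_source "$state")
    case "$src" in
        smf)
            # Same syntax the page gives for displaying a security attribute.
            val=$(svcprop -p "$prop" account-policy:default) || return 1
            echo "smf $val"
            ;;
        files)
            # Service not in effect: review the corresponding /etc file.
            echo "files -"
            ;;
        *)
            # State could not be determined; do not trust either source blindly.
            echo "unknown -"
            return 2
            ;;
    esac
}
```

A nonzero return from read_attr means the value could not be read from SMF or the service state was not recognized, so the audit should flag the host rather than record a value.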