Go to main content

Securing Files and Verifying File Integrity in Oracle® Solaris 11.3

Exit Print View

Updated: October 2017

File Security Glossary

Access Control List (ACL)

A list associated with a file that contains information about which users or groups have permission to access or modify the file. An access control list (ACL) provides finer-grained file security than traditional UNIX file protection provides. For example, an ACL enables you to allow group read access to a file, while allowing only one member of that group to write to the file.


Generally, a plan or course of action that influences or determines decisions and actions. For computer systems, policy typically means security policy. Your site's security policy is the set of rules that define the sensitivity of the information that is being processed and the measures that are used to protect the information from unauthorized access. For example, security policy might require that home directories be encrypted.


1. In general, a power or capability to perform an operation on a computer system that is beyond the powers of a regular user. A privileged user or privileged application is a user or application that has been granted additional rights.

2. A discrete right on a process in an Oracle Solaris system. Privileges offer a finer-grained control of processes than does root. Privileges are defined and enforced in the kernel. For a full description of privileges, see the privileges(5) man page.

privilege model

A stricter model of security on a computer system than the superuser model. In the privilege model, processes require privilege to run. Administration of the system can be divided into discrete parts that are based on the privileges that administrators have in their processes. Privileges can be assigned to an administrator's login process. Or, privileges can be assigned to be in effect for certain commands only.

privileged user

A user whom you have decided can perform administrative tasks at some level of trust.

public object

A file that is owned by the root user and readable by the world, such as any file in the /etc directory.


An alternative to the all-or-nothing superuser model. User rights management and process rights management enable an organization to divide up superuser's privileges and assign them to users or roles. Rights in Oracle Solaris are implemented as kernel privileges, authorizations, and the ability to run a process as a specific UID or GID. Rights can be collected in a rights profile and a role.

rights profile

Also referred to as a profile. A collection of security overrides that enable regular users to perform privileged actions.


A special identity for running privileged applications that only assigned users can assume.

security attributes

Overrides to security policy that enable an administrative command to succeed when the command is run by a user other than superuser. In the superuser model, the setuid root and setgid programs are security attributes. When these attributes are applied to a command, the command succeeds no matter who runs the command. In the privilege model, kernel privileges and other rights replace setuid root programs as security attributes. The privilege model is compatible with the superuser model, in that the privilege model also recognizes the setuid and setgid programs as security attributes.

security policy

See policy.