Go to main content
Index
Numbers and Symbols
- $$ (double dollar sign)
- parent shell process number
Listing the Privileges in Your Current Shell
- removing basic privilege from your process
Removing a Basic Privilege From Yourself
- * (asterisk)
- checking for in authorizations
Checking for Authorizations in a Script or Program
- wildcard character
- in authorizations
Authorization Naming Conventions
- + (plus sign)
- keyword modifier
Modifying a Role's Rights
- - (minus sign)
- keyword modifier
Modifying a Role's Rights
- . (dot)
- authorization name separator
Authorization Naming Conventions
- {} (curly braces)
- extended privileges syntax
How to Lock Down the MySQL Service
How to Apply Extended Privilege Policy to a Port
Enabling a Non-root Account to Read a root-Owned
File
Enabling a Trusted User to Read Extended Accounting Files
A
- access
- controlling application access to specified directories
Users Locking Down the Applications That They Run
- enabling to restricted files
Cloning and Enhancing the Network IPsec Management Rights Profile
Editing a System File
Enabling a Trusted User to Read Extended Accounting Files
- limiting port privileges
How to Apply Extended Privilege Policy to a Port
- restricting guest access to system
Assigning the Editor Restrictions Rights Profile to All
Users
- access_times keyword
user_attr Database
Basics of User and Process Rights
- access_tz keyword
user_attr Database
Basics of User and Process Rights
- account locking
Restricting Users' Rights
- accounts
- locking and unlocking
How to Set Account Locking for Regular Users
- adding
- auditing of privileged actions
Auditing Administrative Actions
- authorizations
- to rights profile
Adding Authorizations to a Rights Profile
- to role
Assigning Authorizations to a Role
- to user
Assigning Authorizations Directly to a User
- cryptomgt role
Creating and Assigning a Role to Administer Cryptographic Services
- extended privileges
- by users
Users Locking Down the Applications That They Run
- to a database
How to Lock Down the MySQL Service
- to a port
How to Apply Extended Privilege Policy to a Port
- to a web server
How to Assign Specific Privileges to the Apache HTTP Server
- new authorization
How to Create an Authorization
- new rights profile
Creating Rights Profiles and Authorizations
- new rights profile from existing one
How to Clone and Modify a System Rights Profile
- privileges
- directly to role
Assigning Privileges Directly to a Role
- directly to user
Assigning Privileges Directly to a User
- to command in rights profile
Creating a Rights Profile That Includes Privileged Commands
- rights
- commands for
Commands for Administering Rights
- to legacy applications
Running an Application With Assigned Rights
- to rights profile
Creating Rights Profiles and Authorizations
- to roles
Creating a Role
- to users
Expanding Users' Rights
- rights profiles to list of profiles
Adding a Rights Profile as the Role's First Rights Profile
- roles
Assigning Rights to Users
- security-related role
Creating and Assigning a Role to Administer Cryptographic Services
- set ID
- to legacy applications
Assigning Security Attributes to a Legacy Application
- trusted users
Creating a Trusted User to Administer DHCP
- administering
- ARMOR roles
Using ARMOR Roles
- authorizations
How to Create an Authorization
How to Create an Authorization
- extended privilege policy
Locking Down Resources by Using Extended Privileges
- immutable zones
Administering Immutable Zones
- rights
- authorizations
How to Create an Authorization
- commands for
Commands for Administering Rights
- instructions
Using Your Assigned Administrative Rights
- legacy applications
Running an Application With Assigned Rights
Assigning Security Attributes to a Legacy Application
- of a role
Enabling a User to Use Own Password for Role Password
Changing a Role Password
Creating a Role
- of a user
Restricting Users' Rights
Expanding Users' Rights
- rights profiles
Creating Rights Profiles and Authorizations
- roles
How to Reorder Assigned Rights
- rights profiles
Assigning Rights Profiles in a Specific Order
Creating Rights Profiles and Authorizations
Modifying a Rights Profile to Enable a User to Use Own Password for Role Password
- role password
Changing a Role Password
Creating a Role
- roles to replace superuser
Following Your Chosen Rights Model
- user password to assume role
How to Reorder Assigned Rights
Enabling a User to Use Own Password for Role Password
- without privileges
Administrative Differences on a System With Privileges
- administrative accounts
- creating roles for
Creating a Role for an Application Administrator
- administrators
- adding to users' rights
Expanding Users' Rights
- installing ARMOR package
Using ARMOR Roles
- restricting access to a database
How to Lock Down the MySQL Service
- restricting access to a port
How to Apply Extended Privilege Policy to a Port
- restricting rights
Restricting an Administrator to Explicitly Assigned
Rights
- restricting users' rights
Restricting Users' Rights
- restricting web server privileges
How to Assign Specific Privileges to the Apache HTTP Server
- All rights profile
Rights Profiles Reference
- allocate command
- authorizations required for
Commands and Associated Authorizations
- Apache HTTP Server
- assigning extended privileges
How to Assign Specific Privileges to the Apache HTTP Server
- verifying use of privilege
How to Determine Which Privileges the Apache HTTP Server Is Using
- applications
- Apache HTTP Server
How to Assign Specific Privileges to the Apache HTTP Server
- assigning extended privileges
Protecting Directories on Your System From Application Processes
- assigning extended privileges to editors
Preventing Guests From Spawning Editor Subprocesses
- checking for authorizations
Checking for Authorizations in a Script or Program
- Firefox browser
Running a Browser in a Protected Environment
- legacy and privileges
Legacy Applications and the Use of Privileges
- limiting access to specified directories
Protecting Directories on Your System From Application Processes
- MySQL database
How to Lock Down the MySQL Service
- preventing from spawning new processes
Preventing Selected Applications From Spawning New
Processes
- privilege-aware
How Processes Get Privileges
How Privileges Are Implemented
- ARMOR
- assigning roles to trusted users
Using ARMOR Roles
- installing package
Using ARMOR Roles
- introduction to standard
User and Process Rights Provide an Alternative to the Superuser Model
- planning use of
Following Your Chosen Rights Model
- assigning
- authorizations in a rights profile
Adding Authorizations to a Rights Profile
- privileges
- to commands in a rights profile
Creating a Rights Profile That Includes Privileged Commands
- to commands in a script
How to Run a Shell Script With Privileged Commands
- to role
Assigning Privileges Directly to a Role
- to user
Assigning Privileges Directly to a User
- profile shell as login shell
Creating a Trusted User to Administer DHCP
Creating a Login for a Trusted User
- rights
- securely
Security Considerations When Assigning Rights
- to specific resources
Locking Down Resources by Using Extended Privileges
- to users
User and Process Rights Provide an Alternative to the Superuser Model
- usability considerations
Usability Considerations When Assigning Rights
- rights profile
- to a role
Creating a Role
- to a user
Creating a Trusted User to Administer DHCP
- rights profiles
How to Remove Unneeded Basic Privileges From Users
How to Set Account Locking for Regular Users
- rights to users
- to users
Restricting Users' Rights
Expanding Users' Rights
- role to a user locally
Creating a Role
- assuming role
- how to
Expanding Users' Rights
- in a terminal window
Assuming an ARMOR Role
- root
Assuming the root Role
- when assigned
Using Your Assigned Administrative Rights
- asterisk (*)
- checking for in authorizations
Checking for Authorizations in a Script or Program
- wildcard character
- in authorizations
Authorization Naming Conventions
- at command
- authorizations required for
Commands and Associated Authorizations
- atq command
- authorizations required for
Commands and Associated Authorizations
- Audit Configuration rights profile
- use of
Auditing Administrative Actions
- audit command
- –s option
Auditing Administrative Actions
- audit_flags keyword
- description
user_attr Database
- auditing
- privileges and
Privileged Actions in the Audit Record
- roles
Auditing Administrative Actions
- auth_attr database
auth_attr Database
Rights Databases
- auth_profiles keyword
- description
user_attr Database
- example of
Requiring a User to Type Password Before Administering DHCP
- AUTH_PROFS_GRANTED keyword
- policy.conf file
policy.conf File
- authenticated rights profiles
- assigning
Requiring a User to Type Password Before Administering DHCP
- keyword in policy.conf file
policy.conf File
- searched before rights profiles
How to Troubleshoot Rights Assignments
Order of Search for Assigned Rights
- authorizations See Also
rights- adding to rights profile
Adding Authorizations to a Rights Profile
- checking for wildcards
Checking for Authorizations in a Script or Program
- checking in privileged application
Applications That Check Authorizations
- commands requiring
Selected Commands That Require Authorizations
- compared to privileges
More About User Authorizations
Basics of User and Process Rights
- creating new ones
How to Create an Authorization
- database
auth_attr Database
Rights Databases
- delegating
Delegation Authority in Authorizations
- description
Authorizations Reference
More About User Authorizations
Basics of User and Process Rights
- effect of misspelling
How to Troubleshoot Rights Assignments
- granularity
Authorization Naming Conventions
- listing
Listing Authorizations
- misspelling
How to Troubleshoot Rights Assignments
- naming conventions
Authorization Naming Conventions
- preventing privilege escalation
Privilege Escalation and User Rights
- removing from rights profile
Cloning and Removing Selected Rights From a Rights Profile
- troubleshooting
How to Troubleshoot Rights Assignments
- auths command
- description
Rights Administration Commands
- –t option
How to Create an Authorization
- use
Listing Authorizations
How to Create an Authorization
Checking for Authorizations in a Script or Program
- auths keyword
- description
user_attr Database
Adding Authorizations to a Rights Profile
- use
Cloning and Removing Selected Rights From a Rights Profile
Cloning and Enhancing the Network IPsec Management Rights Profile
- AUTHS_GRANTED keyword
- policy.conf file
policy.conf File
B
- basic privilege set
How Privileges Are Implemented
- basic privileges
- limiting use by service
How to Lock Down the MySQL Service
- Basic Solaris User rights profile
Rights Profiles Reference
- browsers
- protecting user files with extended privileges
Users Locking Down the Applications That They Run
C
- capabilities See
rights
- cdrw command
- authorizations required for
Commands and Associated Authorizations
- changing
- password of role
Changing a Role Password
Creating a Role
- rights
- of a port
How to Apply Extended Privilege Policy to a Port
- of a script
How to Run a Shell Script With Privileged Commands
- of a web server
How to Assign Specific Privileges to the Apache HTTP Server
- of an application
Assigning Rights to Applications and Scripts
- of an editor
Preventing Guests From Spawning Editor Subprocesses
- of Firefox
Users Locking Down the Applications That They Run
- of role
Creating a Role
- to MySQL database
How to Lock Down the MySQL Service
- rights profile contents
Creating Rights Profiles and Authorizations
- root role into user
Changing Whether root Is a User or a Role
- umask
How to Set a More Restrictive umask Value for
Regular Users
- user file permissions
How to Set a More Restrictive umask Value for
Regular Users
- cloning
- rights profile contents
How to Clone and Modify a System Rights Profile
- commands
- determining user's privileged commands
Listing Privileges
- determining user's qualified attributes
Listing Qualified Attributes
- for administering privileges
Commands for Handling Privileges
- rights administration commands
Commands That Manage Authorizations, Rights Profiles, and Roles
- that assign privileges
Assigning Privileges to Users and Processes
- that check for privileges
Applications That Check for Privileges
- components
- rights management, of
Basics of User and Process Rights
- configuration files
- policy.conf file
Rights Administration Commands
- syslog.conf file
Files That Contain Privilege Information
- with privilege information
Files That Contain Privilege Information
- configuring
- authorizations
How to Create an Authorization
- power management
How to Remove Power Management Capability From Users
- privileged users
Creating a Trusted User to Administer DHCP
- protected database
How to Lock Down the MySQL Service
- protected port
How to Apply Extended Privilege Policy to a Port
- protected web server
How to Assign Specific Privileges to the Apache HTTP Server
- protection of user files from applications
Users Locking Down the Applications That They Run
- restricted users
Restricting Users' Rights
- rights
Restricting Users' Rights
Expanding Users' Rights
Following Your Chosen Rights Model
- rights profiles
Creating Rights Profiles and Authorizations
- roles
Creating a Role
Assigning Rights to Users
- root role as user
Changing Whether root Is a User or a Role
- trusted users
Creating a Role
- Console User rights profile
Rights Profiles Reference
How to Remove Power Management Capability From Users
- CONSOLE_USER keyword
- policy.conf file
policy.conf File
- creating
- ARMOR roles
Using ARMOR Roles
- authorization
How to Create an Authorization
- privileged users
Creating a Trusted User to Administer DHCP
- rights profiles
Creating Rights Profiles and Authorizations
Creating a Rights Profile for Administrators of a Third-Party Application
- roles
Assigning Rights to Users
- root user
How to Change the root Role Into a User
- crontab files
- authorizations required for
Commands and Associated Authorizations
- Crypto Management rights profile
- using in a role
Creating and Assigning a Role to Administer Cryptographic Services
- Cryptographic Framework
- administering with role
Creating and Assigning a Role to Administer Cryptographic Services
- curly braces ({})
- extended privileges syntax
How to Lock Down the MySQL Service
How to Apply Extended Privilege Policy to a Port
Enabling a Non-root Account to Read a root-Owned
File
Enabling a Trusted User to Read Extended Accounting Files
D
- daemons
- nscd (name service cache daemon)
Rights Administration Commands
- running with privileges
Visible Differences Between a System With Privileges and a System Without Privileges
- databases
- auth_attr
auth_attr Database
- exec_attr
exec_attr Database
- MySQL
How to Lock Down the MySQL Service
- prof_attr
prof_attr Database
- protecting with extended privileges
How to Lock Down the MySQL Service
- rights
Rights Databases
- user_attr
user_attr Database
- dax_access privilege
What's New in Rights in Oracle Solaris 11.3
- deallocate command
- authorizations required for
Commands and Associated Authorizations
- defaultpriv keyword
How to Remove Unneeded Basic Privileges From Users- description
user_attr Database
- defaults
- privileges settings in policy.conf file
Files That Contain Privilege Information
- delegating authorizations
Delegation Authority in Authorizations
- determining
- Apache HTTP Server's privileges
How to Determine Which Privileges the Apache HTTP Server Is Using
- privileges on a process
Listing the Privileges in Your Current Shell
- required privileges
How to Determine Which Privileges a Program Requires
- rights, available or assigned
Listing Rights and Their Definitions
- which rights model to use
Deciding Which Rights Model to Use for Administration
- devices
- rights model and
Privileges and Devices
- superuser model and
Privileges and Devices
- displaying
- roles you can assume
Rights Administration Commands
Assuming an ARMOR Role
- dot (.)
- authorization name separator
Authorization Naming Conventions
- double dollar sign ($$)
- parent shell process number
Listing the Privileges in Your Current Shell
- removing basic privilege from your shell
Removing a Basic Privilege From Yourself
E
- /etc/default/login file
How to Set Account Locking for Regular Users
- /etc/security/policy.conf file
- editing
How to Remove Unneeded Basic Privileges From Users
- /etc/security/policy.conf file
- editing
How to Remove Unneeded Basic Privileges From Users
How to Set Account Locking for Regular Users
- /etc/security/policy.conf file
- editing
How to Remove Power Management Capability From Users
- editors
- preventing from spawning new processes
Preventing Guests From Spawning Editor Subprocesses
- restricting for guest user
Preventing Guests From Spawning Editor Subprocesses
- effective privilege set
How Privileges Are Implemented
- escalation of privilege
- description
Privilege Escalation and User Rights
- preventing in devices
Privileges and Devices
- exacct files
- reading with Perl scripts
Enabling a Trusted User to Read Extended Accounting Files
- exec_attr database
exec_attr Database
Rights Databases
- expanding users rights
Expanding Users' Rights
- Extended Accounting Net Management rights profile
Enabling a Trusted User to Read Extended Accounting Files
- extended policy See
extended privileges
- extended privilege policy See
extended privileges
- extended privileges
- administering
Locking Down Resources by Using Extended Privileges
- assigned by regular users
Users Locking Down the Applications That They Run
- assigning
- in rights profile
Preventing Guests From Spawning Editor Subprocesses
- to a database
How to Lock Down the MySQL Service
- to a port
How to Apply Extended Privilege Policy to a Port
- to trusted users
Enabling a Trusted User to Read Extended Accounting Files
- to web server
How to Assign Specific Privileges to the Apache HTTP Server
- description
Using Extended Privilege Policy to Restrict Privilege Use
Expanding a User or Role's Privileges
- listing
How to Lock Down the MySQL Service
- PRIV_XPOLICY flag
How to Lock Down the MySQL Service
- protecting files of regular users
Users Locking Down the Applications That They Run
- reading root-owned files
Enabling a Non-root Account to Read a root-Owned
File
F
- FILE privileges
- description
Privilege Descriptions
- file_chown
How Processes Get Privileges
- file_chown_self
Privilege Escalation and Kernel Privileges
- files
- /etc/default/login
How to Set Account Locking for Regular Users
- containing privilege information
Files That Contain Privilege Information
- privileges relating to
Privilege Descriptions
- Firefox browser
- assigning extended privileges
Running a Browser in a Protected Environment
- flags
- PRIV_PFEXEC in profile shells
Determining Whether You Are Using a Profile Shell
- PRIV_XPOLICY on process
How to Lock Down the MySQL Service
G
- getent command
- description
Rights Administration Commands
- listing commands with assigned security attributes
Listing Privileges
- listing contents of rights databases
Listing Rights and Their Definitions
- listing definitions of all authorizations
Listing the Content of the Authorizations Database
- listing definitions of all rights profiles
Listing the Contents of the Rights Profiles Database
- listing qualified security attributes
Listing Qualified Attributes
- using
Changing the root User Into the root Role
H
- hardware
- restricting user control of
How to Remove Power Management Capability From Users
- host qualified attribute
- description
user_attr Database
I
- idlecmd keyword
- description
user_attr Database
- use
How to Troubleshoot Rights Assignments
- idletime keyword
- description
user_attr Database
- use
How to Troubleshoot Rights Assignments
- immutable zones
- administering
Administering Immutable Zones
- inheritable privilege set
How Privileges Are Implemented
- IPC privileges
Privilege Descriptions
- IPS packages See
packages
K
- kernel processes and privileges
Privileges Protecting Kernel Processes
- keywords
- defaultpriv
How to Remove Unneeded Basic Privileges From Users
- lock_after_retries
How to Set Account Locking for Regular Users
- RETRIES
How to Set Account Locking for Regular Users
L
- ldapaddent command
- listing all qualified security attributes
Listing Qualified Attributes
- least privilege
- principle of
Privileges Protecting Kernel Processes
- legacy applications and privileges
Assigning Security Attributes to a Legacy Application
Legacy Applications and the Use of Privileges
- limit privilege set
How Privileges Are Implemented
- limitpriv keyword
user_attr Database
- Linux behaviors
- sudo command
Creating a Role That Requires the User's Password
Using Your Assigned Administrative Rights
- user password when assuming role
Modifying a Rights Profile to Enable a User to Use Own Password for Role Password
Enabling a User to Use Own Password for Role Password
Enabling Users to Use Own Password for Role Password
- list_devices command
- authorizations required for
Commands and Associated Authorizations
- listing
- all rights
Listing Rights and Their Definitions
- authorizations
Listing Authorizations
- default rights configuration
Listing Rights and Their Definitions
- privileges
Listing Privileges
- qualifiers to security attributes
Listing Qualified Attributes
- rights
Listing Rights and Their Definitions
- rights of initial user
Listing Rights and Their Definitions
- rights profiles
Listing Rights Profiles
- roles
Listing Roles
- roles you can assume
Rights Administration Commands
Assuming an ARMOR Role
- your rights
Listing Rights and Their Definitions
- lock_after_retries keyword
How to Set Account Locking for Regular Users
- lock_after_retries keyword
- description
user_attr Database
- locking
- accounts
Restricting Users' Rights
- user account automatically
How to Set Account Locking for Regular Users
- logging in
- remote root login
Changing Whether root Is a User or a Role
- users' basic privilege set
How Privileges Are Implemented
M
- man pages
- commands that require authorizations
Selected Commands That Require Authorizations
- rights
Commands That Manage Authorizations, Rights Profiles, and Roles
- managing See
administering
- Media Backup rights profile
- assigning to trusted users
Distribution of Rights
- Media Restore rights profile
- preventing privilege escalation
Privilege Escalation and User Rights
- minus sign (-)
- keyword modifier
Modifying a Role's Rights
- modifying See
changing
- monitoring
- use of privileged commands
Auditing Administrative Actions
- MySQL database
- installing IPS package
How to Lock Down the MySQL Service
- protecting with extended privileges
How to Lock Down the MySQL Service
N
- naming conventions
- authorizations
Authorization Naming Conventions
- naming services
- rights databases and
Rights Databases and the Naming Services
- scope of assigned rights
Name Service Scope and Rights Verification
- NET privileges
Privilege Descriptions
- netgroup qualified attribute
- description
user_attr Database
- network
- privileges relating to
Privilege Descriptions
- Network IPsec Management rights profile
- adding solaris.admin.edit authorization
Cloning and Enhancing the Network IPsec Management Rights Profile
- non-UNIX accounts
- troubleshooting password assignments
Using the openldap System Account to Run a
cron Job
- nscd (name service cache daemon)
- use
Rights Administration Commands
O
- Object Access Management rights profile
How Processes Get Privileges
- obtaining
- privileged commands
Creating a Role
- privileges
Assigning Privileges Directly to a User
Assigning Privileges Directly to a Role
Assigning Privileges to Users and Processes
How Processes Get Privileges
- privileges on a process
Listing the Privileges in Your Current Shell
- one-time passwords
- requiring use of
Restricting Users' Rights
- one-time passwords (OTP)
What's New in Rights in Oracle Solaris 11.3
- Operator rights profile
- assigning to role
Distribution of Rights
- description
Rights Profiles Reference
- order of search
- authenticated rights profiles
Order of Search for Assigned Rights
- rights
Order of Search for Assigned Rights
- rights profiles example
Adding a Rights Profile as the Role's First Rights Profile
- user security attributes
Order of Search for Assigned Rights
P
- packages
- ARMOR
Using ARMOR Roles
- MySQL
How to Lock Down the MySQL Service
- PAM
- adding su stack to configuration file
Caching Authentication for Ease of Role Use
- modules
Caching Authentication for Ease of Role Use
- stack to cache authentication
Caching Authentication for Ease of Role Use
- time-sensitive user access
user_attr Database
Basics of User and Process Rights
- pam_roles module
Rights Administration Commands
- pam_tty_tickets module
Caching Authentication for Ease of Role Use
- pam_unix_account module
Rights Administration Commands
- passwd command
- changing password of role
Changing a Role Password
Creating a Role
- NP accounts
Using the openldap System Account to Run a
cron Job
- passwords
- changing role password
Changing a Role Password
Creating a Role
- locking out users
How to Set Account Locking for Regular Users
- overriding constraints
Overriding the Password Requirements for an Account
- unlocking user
How to Set Account Locking for Regular Users
- using user's to assume role
How to Reorder Assigned Rights
Enabling a User to Use Own Password for Role Password
- Perl scripts
- for extended accounting
Enabling a Trusted User to Read Extended Accounting Files
- permissions
- changing user file permissions
How to Set a More Restrictive umask Value for
Regular Users
- permissive security policy
- components of
Basics of User and Process Rights
- creating
Expanding Users' Rights
- permitted privilege set
How Privileges Are Implemented
- pfbash command
Rights Administration Commands
- pfedit command
Rights Administration Commands
Editing a System File
- pfexec command
Rights Administration Commands
Using Your Assigned Administrative Rights
- planning
- ARMOR role use
Following Your Chosen Rights Model
- rights model use
Following Your Chosen Rights Model
- use of rights
Following Your Chosen Rights Model
- plus sign (+)
- keyword modifier
Modifying a Role's Rights
- policy.conf file
- description
policy.conf File
- keywords
- for authenticated rights profiles
policy.conf File
- for authorizations
policy.conf File
- for privileges
Files That Contain Privilege Information
policy.conf File
- for rights profiles
policy.conf File
- for workstation owner
policy.conf File
- ports
- protecting with extended privileges
How to Apply Extended Privilege Policy to a Port
- power management
- configuring
How to Remove Power Management Capability From Users
- powers See
rights
- ppriv command
Commands for Handling Privileges
Listing the Privileges in Your Current Shell
Listing Privileges
- –eD option
How to Determine Which Privileges a Program Requires
How to Run a Shell Script With Privileged Commands
- –r option
Users Locking Down the Applications That They Run
- –s option
Protecting Directories on Your System From Application Processes
- predefined roles
- ARMOR standard
Using ARMOR Roles
User and Process Rights Provide an Alternative to the Superuser Model
- planning use of
Following Your Chosen Rights Model
- principle of least privilege
Privileges Protecting Kernel Processes
- Printer Management rights profile
Rights Profiles Reference
- priv.debug entry
- syslog.conf file
Files That Contain Privilege Information
- PRIV_DEFAULT keyword
- policy.conf file
policy.conf File
- PRIV_LIMIT keyword
- policy.conf file
Files That Contain Privilege Information
policy.conf File
- PRIV_PFEXEC flag
Determining Whether You Are Using a Profile Shell
- PRIV_PROC_LOCK_MEMORY privilege
Privileges and Resource Management
- PRIV_XPOLICY flag
How to Lock Down the MySQL Service
- privilege checking
Applications That Check for Privileges
- privilege sets
- adding privileges to
Assigning Privileges Directly to a User
Assigning Privileges Directly to a Role
Expanding a User or Role's Privileges
- basic
How to Troubleshoot Rights Assignments
Listing the Basic Privileges and Their Definitions
How Privileges Are Implemented
- effective
How Privileges Are Implemented
- inheritable
How Privileges Are Implemented
- limit
How to Troubleshoot Rights Assignments
How Privileges Are Implemented
- listing
Listing Privileges That Are Used in Privilege Assignment
How Privileges Are Implemented
- permitted
How Privileges Are Implemented
- removing privileges from
Creating a Sun Ray Users Rights Profile
Removing Basic Privileges From a Rights Profile
Creating a Remote Users Rights Profile
Removing a Basic Privilege From Yourself
Using Extended Privilege Policy to Restrict Privilege Use
Restricting Privileges for a User or Role
- privileged application
- authorization checking
Applications That Check Authorizations
- checking for security attributes
Applications That Check for Rights
- description
Basics of User and Process Rights
- ID checking
Applications That Check UIDs and GIDs
- privilege checking
Applications That Check for Privileges
- privileged users See
trusted users
- privileges
- adding to command in rights profile
Creating a Rights Profile That Includes Privileged Commands
- assigning
- to a command
Assigning Privileges to Users and Processes
- to a script
Assigning Privileges to a Script
- to a user
Assigning Privileges to Users and Processes
- to Apache HTTP Server
How to Assign Specific Privileges to the Apache HTTP Server
- to MySQL database
How to Lock Down the MySQL Service
- to role
Assigning Privileges Directly to a Role
- to user
Assigning Privileges Directly to a User
- auditing and
Privileged Actions in the Audit Record
- categories
Privilege Descriptions
- checking in applications
Applications That Check for Privileges
- commands
Commands for Handling Privileges
- compared to authorizations
More About User Authorizations
Basics of User and Process Rights
- compared to superuser model
Process Rights Management
- dax_access
What's New in Rights in Oracle Solaris 11.3
- debugging
Files That Contain Privilege Information
Debugging Use of Privilege
- description
Privilege Descriptions
Privilege Descriptions
Basics of User and Process Rights
- devices and
Privileges and Devices
- differences from superuser model
Administrative Differences on a System With Privileges
- escalation prevention at user level
Privilege Escalation and User Rights
- escalation prevention in kernel
Privilege Escalation and Kernel Privileges
- expanding user or role's
Expanding a User or Role's Privileges
- extended privilege policy
Using Extended Privilege Policy to Restrict Privilege Use
Expanding a User or Role's Privileges
- files
Files That Contain Privilege Information
- finding missing
Using the ppriv Command to Examine Privilege Use in a Profile Shell
- implemented in sets
How Privileges Are Implemented
- inherited by processes
How Processes Get Privileges
- legacy applications and
Assigning Security Attributes to a Legacy Application
Legacy Applications and the Use of Privileges
- limiting users
How to Remove Unneeded Basic Privileges From Users
- listing on a process
Listing the Privileges in Your Current Shell
- PRIV_PROC_LOCK_MEMORY
Privileges and Resource Management
- processes with assigned privileges
How Processes Get Privileges
- programs aware of privileges
How Processes Get Privileges
- protecting kernel processes
Privileges Protecting Kernel Processes
- removing
- basic privilege
Removing Basic Privileges From a Rights Profile
- basic privilege from your process
Removing a Basic Privilege From Yourself
- from a rights profile
Removing Basic Privileges From a Rights Profile
- from a user
Restricting Privileges for a User or Role
- from a user's limit set
Removing Privileges From a User's Limit Set
- from yourself
Removing a Basic Privilege From Yourself
- removing basic
How to Remove Unneeded Basic Privileges From Users
- troubleshooting
- lack of
How to Determine Which Privileges a Program Requires
- user assignment
How to Troubleshoot Rights Assignments
- using in shell script
How to Run a Shell Script With Privileged Commands
- privileges keyword
- listing
Listing Privileges
- PROC privileges
- description
Privilege Descriptions
- proc_owner
Privileges and Devices
- process privileges
Privilege Descriptions
- process rights management See
privileges, rights
- prof_attr database
prof_attr Database- summary
Rights Databases
- profile shells
- assigning to users
Creating a Login for a Trusted User
- description
Profile Shells and Rights Verification
- determining if PRIV_PFEXEC flag is set
Determining Whether You Are Using a Profile Shell
- login shells for trusted users
Creating a Trusted User to Administer DHCP
- opening
Using Your Assigned Administrative Rights
- reading exacct network files
Enabling a Trusted User to Read Extended Accounting Files
- restricting rights
Restricting an Administrator to Explicitly Assigned
Rights
- profiles See
rights profiles
- profiles command
- creating rights profiles
How to Create a Rights Profile
- description
Rights Administration Commands
- listing user's authenticated rights profiles
Listing Rights Profiles
- listing user's rights profiles
Listing Rights and Their Definitions
- use
Listing Rights Profiles
- profiles keyword
- description
user_attr Database
- listing
Listing Rights Profiles
- PROFS_GRANTED keyword
- policy.conf file
policy.conf File
- programs See
applications
- project.max-locked-memory resource control
Privileges and Resource Management
- pwhash command
What's New in Rights in Oracle Solaris 11.3
Q
- qualified user attributes
- description
About Qualified User Attributes
- overview
Basics of User and Process Rights
- qualifier attribute
- listing
Listing Qualified Attributes
- user_attr database
user_attr Database
R
- –R option
- useradd command
Rights Administration Commands
- removing
- basic privilege from application
Users Locking Down the Applications That They Run
How to Lock Down the MySQL Service
- basic privilege from rights profile
Removing Basic Privileges From a Rights Profile
- basic privilege from yourself
Removing a Basic Privilege From Yourself
- basic privileges from a rights profile
Removing Basic Privileges From a Rights Profile
- limit privilege from user
Removing Privileges From a User's Limit Set
- power management capability from users
How to Remove Power Management Capability From Users
- privileges from a user
How to Remove Unneeded Basic Privileges From Users
- role assignments
How to Change the root Role Into a User
- users' rights
Restricting Users' Rights
- replacing
- keyword values
Requiring a User to Type Password Before Administering DHCP
Modifying a Role's Rights
- root role with root user
How to Change the root Role Into a User
- root user with root role
Changing the root User Into the root Role
- superuser with roles
Following Your Chosen Rights Model
- resource controls
- privileges, and
Privileges and Resource Management
- project.max-locked-memory
Privileges and Resource Management
- zone.max-locked-memory
Privileges and Resource Management
- restricted files
- enabling read access to
Enabling a Trusted User to Read Extended Accounting Files
- enabling write access to
Cloning and Enhancing the Network IPsec Management Rights Profile
Editing a System File
- restricting
- access to computer by time and day
Basics of User and Process Rights
- database privileges
How to Lock Down the MySQL Service
- editor of guest user
Preventing Guests From Spawning Editor Subprocesses
- guest access to system
Assigning the Editor Restrictions Rights Profile to All
Users
- login attempts
Restricting Users' Rights
- port privileges
How to Apply Extended Privilege Policy to a Port
- rights in a rights profile
Creating a Sun Ray Users Rights Profile
Removing Basic Privileges From a Rights Profile
Creating a Remote Users Rights Profile
- user control of hardware
How to Remove Power Management Capability From Users
- user file permissions
How to Set a More Restrictive umask Value for
Regular Users
- web server privileges
How to Assign Specific Privileges to the Apache HTTP Server
- restrictive security policy
- components of
Basics of User and Process Rights
- creating
Restricting Users' Rights
- enforcing
Locking Down Resources by Using Extended Privileges
- RETRIES keyword
How to Set Account Locking for Regular Users
- rights See Also
authorizations, privileges, rights profiles, roles- access_times keyword
Basics of User and Process Rights
- access_tz keyword
Basics of User and Process Rights
- account locking
Restricting Users' Rights
- adding privileged users
Creating a Trusted User to Administer DHCP
- administration commands
Commands That Manage Authorizations, Rights Profiles, and Roles
- assigning
Expanding Users' Rights- authenticated rights profiles
Requiring a User to Type Password Before Administering DHCP
- to restrict users
Restricting Users' Rights
- to users
Assigning Rights to Users
- auditing use of
Auditing Administrative Actions
- authorization database
auth_attr Database
- authorizations
More About User Authorizations
- basic concepts
Basics of User and Process Rights
- changing role passwords
Changing a Role Password
Creating a Role
- checking for
Applications That Check UIDs and GIDs
Rights Verification
- checking scripts or programs for authorizations
Checking for Authorizations in a Script or Program
- commands for
Commands for Administering Rights
- commands for managing
Commands That Manage Authorizations, Rights Profiles, and Roles
- compared to superuser model
User and Process Rights Provide an Alternative to the Superuser Model
- configuring
Restricting Users' Rights
Expanding Users' Rights
- considerations when directly assigning
Considerations When Assigning Rights
- creating authorizations
How to Create an Authorization
- creating rights profiles
Creating Rights Profiles and Authorizations
- databases
Rights Databases
- defaults
Listing Rights and Their Definitions
- elements
Basics of User and Process Rights
- expanding users
Expanding Users' Rights
- gaining administrative
Using Your Assigned Administrative Rights
- limiting login attempts
Restricting Users' Rights
- listing all
Listing Rights and Their Definitions
- modifying roles
Creating a Role
- naming services and
Rights Databases and the Naming Services
- Network Security rights profile
Example of a User Rights and Process Rights Assignment
- new features in this release
What's New in Rights in Oracle Solaris 11.3
- order of search
Order of Search for Assigned Rights
- planning use of
Following Your Chosen Rights Model
- privileges on commands
Applications That Check for Privileges
- profile shells
Profile Shells and Rights Verification
- reading exacct network files
Enabling a Trusted User to Read Extended Accounting Files
Enabling a Trusted User to Read Extended Accounting Files
- recommended roles
User and Process Rights Provide an Alternative to the Superuser Model
- removing from users
Restricting Users' Rights
- restricting administrator to explicitly assigned
Restricting an Administrator to Explicitly Assigned
Rights
- restricting rights
Restricting an Administrator to Explicitly Assigned
Rights
- restricting users to specific times of access
Basics of User and Process Rights
- restricting users'
Restricting Users' Rights
- rights profile database
prof_attr Database
- rights profiles
More About Rights Profiles
- search order
Order of Search for Assigned Rights
- securing scripts
Assigning Rights to Applications and Scripts
- security considerations when assigning
Security Considerations When Assigning Rights
- special ID on commands
Applications That Check UIDs and GIDs
- troubleshooting
How to Troubleshoot Rights Assignments
- usability considerations when assigning
Usability Considerations When Assigning Rights
- using user password to assume role
How to Reorder Assigned Rights
Enabling a User to Use Own Password for Role Password
- viewing all
Listing Rights and Their Definitions
- viewing your
Listing Rights and Their Definitions
- rights management See
privileges, rights
- rights profiles
- adding privileges to command
Creating a Rights Profile That Includes Privileged Commands
- adding solaris.admin.edit authorization
Cloning and Enhancing the Network IPsec Management Rights Profile
- All
Rights Profiles Reference
- assigning
- to users
Creating a Trusted User to Administer DHCP
- assigning to trusted users
Distribution of Rights
- authenticating with user's password
Assigning Rights Profiles in a Specific Order
Modifying a Rights Profile to Enable a User to Use Own Password for Role Password
- Basic Solaris User
Rights Profiles Reference
- changing contents of
Creating Rights Profiles and Authorizations
- cloning contents of
How to Clone and Modify a System Rights Profile
- compared to roles
More About Roles
- Console User
Rights Profiles Reference
How to Remove Power Management Capability From Users
How to Remove Power Management Capability From Users
Order of Search for Assigned Rights
- contents of typical
Rights Profiles Reference
- creating
How to Create a Rights Profile
- creating and assigning
How to Remove Unneeded Basic Privileges From Users
How to Set Account Locking for Regular Users
- creating for remote users
Creating a Remote Users Rights Profile
- creating for Sun Ray users
Creating a Sun Ray Users Rights Profile
- databases See
exec_attr database, prof_attr database
- description
More About Rights Profiles
Basics of User and Process Rights
- Extended Accounting Net Management
Enabling a Trusted User to Read Extended Accounting Files
- first in list
Adding a Rights Profile as the Role's First Rights Profile
- major rights profiles descriptions
Rights Profiles Reference
- modifying
Creating Rights Profiles and Authorizations
- Network IPsec Management
Cloning and Enhancing the Network IPsec Management Rights Profile
- Object Access Management
How Processes Get Privileges
- Operator
Rights Profiles Reference
- order of search
Order of Search for Assigned Rights
- preventing privilege escalation
Privilege Escalation and User Rights
Distribution of Rights
- Printer Management
Rights Profiles Reference
- removing authorizations
Cloning and Removing Selected Rights From a Rights Profile
- restricting basic privileges
Removing Basic Privileges From a Rights Profile
- restricting rights of all users of a system
Modifying the policy.conf File to Limit the
Rights Available to System Users
- Stop
Rights Profiles Reference
Order of Search for Assigned Rights
- System Administrator
Rights Profiles Reference
- third-party applications
Creating a Rights Profile for Administrators of a Third-Party Application
- troubleshooting
How to Troubleshoot Rights Assignments
- viewing contents
Viewing the Contents of Rights Profiles
- VSCAN Management
Cloning and Removing Selected Rights From a Rights Profile
- role-based access control (RBAC) See
rights
- roleadd command
- authorizations required for
Commands and Associated Authorizations
- description
Rights Administration Commands
Rights Administration Commands
- example of using
Creating and Assigning a Role to Administer Cryptographic Services
- –P option
Caching Authentication for Ease of Role Use
- –s option
Creating a User Administrator Role in the LDAP Repository
- –S option
Creating a User Administrator Role in the LDAP Repository
- roleauth keyword
- example of using
Changing the Value of roleauth for a Role in the LDAP Repository
Enabling a User to Use Own Password for Role Password
Enabling Users to Use Own Password for Role Password
- passwords for roles
How to Reorder Assigned Rights
Enabling a User to Use Own Password for Role Password
- use
Caching Authentication for Ease of Role Use
- roledel command
- authorizations required for
Commands and Associated Authorizations
- example of using
Deleting a Role
- rolemod command
- assigning rights to a role
Replacing a Local Role's Assigned Profiles
- authorizations required for
Commands and Associated Authorizations
- changing rights of role
Replacing a Local Role's Assigned Profiles
- description
Rights Administration Commands
- example of using
Enabling a User to Use Own Password for Role Password
Enabling Users to Use Own Password for Role Password
- –K option
How to Change the root Role Into a User
- passwords for roles
How to Reorder Assigned Rights
Enabling a User to Use Own Password for Role Password
- roles
- ARMOR
User and Process Rights Provide an Alternative to the Superuser Model
- assigning
- privileges to
Assigning Privileges Directly to a Role
- rights
Assigning Rights to Users
- with usermod command
Creating a Role
- assuming
- after login
More About Roles
- ARMOR
Assuming an ARMOR Role
- in a terminal window
Assuming an ARMOR Role
Profile Shells and Rights Verification
- root role
Assuming the root Role
- to use assigned rights
Using Your Assigned Administrative Rights
- auditing
Auditing Administrative Actions
- authenticating with user's password
How to Reorder Assigned Rights
Enabling a User to Use Own Password for Role Password
- changing password of
Changing a Role Password
Creating a Role
- changing properties of
Creating a Role
- compared to rights profiles
More About Roles
- configured like sudo
Creating a Role That Requires the User's Password
- creating
Assigning Rights to Users
- creating ARMOR
Using ARMOR Roles
- creating for administrative accounts
Creating a Role for an Application Administrator
- deleting
Deleting a Role
- description
More About Roles
- determining directly assigned privileges
Adding to a Role's Basic Privileges
- determining role's privileged commands
Determining the Privileged Commands of a Role
- listing local roles
Rights Administration Commands
Assuming an ARMOR Role
- making root role into user
Changing Whether root Is a User or a Role
- modifying
Creating a Role
- planning predefined
Following Your Chosen Rights Model
- predefined
Using ARMOR Roles
User and Process Rights Provide an Alternative to the Superuser Model
- removing assignment from users
How to Change the root Role Into a User
- separation of duty
Using Two Roles to Configure Auditing
Creating Roles for Separation of Duty
- summary
Basics of User and Process Rights
- use in user rights assignment
User and Process Rights Provide an Alternative to the Superuser Model
- using an assigned role
Assuming an ARMOR Role
- using user password
Modifying a Rights Profile to Enable a User to Use Own Password for Role Password
Example of a User Rights and Process Rights Assignment
- with user passwords
Creating a Role That Requires the User's Password
- roles command
- description
Rights Administration Commands
- using
Assuming an ARMOR Role
- roles keyword
- listing
Listing Roles
- root role
- assuming role
Assuming the root Role
- changing from root user
Changing the root User Into the root Role
- changing to root user
Changing Whether root Is a User or a Role
- created at installation
Distribution of Rights
- description
Distribution of Rights
- overriding password constraints
Overriding the Password Requirements for an Account
- secure remote login
Changing Whether root Is a User or a Role
- troubleshooting
Preventing the root Role From Being Used to Maintain a System
- root user
- changing into root role
Changing the root User Into the root Role
- replacing in rights model
More About Roles
S
- applications
- protecting administrative accounts
Creating a Role for an Application Administrator
- –S option
- profiles command
Creating a Sun Ray Users Rights Profile
- scope of assigned rights
Name Service Scope and Rights Verification
- scripts
- checking for authorizations
Checking for Authorizations in a Script or Program
- for extended accounting
Enabling a Trusted User to Read Extended Accounting Files
- Perl scripts
Enabling a Trusted User to Read Extended Accounting Files
- running with privileges
Assigning Privileges to a Script
- securing
Assigning Rights to Applications and Scripts
- use of privileges in
How to Run a Shell Script With Privileged Commands
- security attributes See Also
rights- description
Basics of User and Process Rights
- qualified
About Qualified User Attributes
Basics of User and Process Rights
- security policy
- default rights
Rights Databases
- restrictive and permissive
Basics of User and Process Rights
- security properties See
rights
- sendmail command
- authorizations required for
Commands and Associated Authorizations
- separation of duty
- security and non-security roles
Creating Roles for Separation of Duty
- two roles to handle auditing
Using Two Roles to Configure Auditing
- shell commands
- passing parent shell process number
Listing the Privileges in Your Current Shell
- shells
- determining if privileged
Determining Whether You Are Using a Profile Shell
- listing privileges on process
Listing the Privileges in Your Current Shell
- privileged versions
Profile Shells and Rights Verification
- troubleshooting if profile
How to Troubleshoot Rights Assignments
- usability considerations
Usability Considerations When Assigning Rights
- writing privileged scripts
How to Run a Shell Script With Privileged Commands
- smart cards
What's New in Rights in Oracle Solaris 11.3
- solaris.*.assign authorizations
- preventing privilege escalation
Privilege Escalation and User Rights
- solaris.admin.edit authorization
- adding to rights profile
Cloning and Enhancing the Network IPsec Management Rights Profile
- solaris.smf.value authorization
- removing from rights profile
Cloning and Removing Selected Rights From a Rights Profile
- Stop rights profile
Rights Profiles Reference
- su command
- becoming root
How to Change the root Role Into a User
- changing to a role
Creating and Assigning a Role to Administer Cryptographic Services
- in role assumption
Assuming an ARMOR Role
- subshells
- restricting editing rights
Preventing Guests From Spawning Editor Subprocesses
- sudo
- roles configured like
Creating a Role That Requires the User's Password
- sudo command
- using in Oracle Solaris
Using Your Assigned Administrative Rights
Deciding Which Rights Model to Use for Administration
- superuser
- compared to rights model
Process Rights Management
User and Process Rights Provide an Alternative to the Superuser Model
- differences from rights model
Administrative Differences on a System With Privileges
- eliminating by delegating rights
More About Roles
- troubleshooting becoming root as a role
Preventing the root Role From Being Used to Maintain a System
- svc:/application/database/mysql:version_55
How to Lock Down the MySQL Service
- svc:/network/http:Apache2
How to Assign Specific Privileges to the Apache HTTP Server
- svc:/system/name-service/switch
How to Troubleshoot Rights Assignments
Name Service Scope and Rights Verification
- svccfg command
- –s option
How to Troubleshoot Rights Assignments
How to Assign Specific Privileges to the Apache HTTP Server
- svcprop command
- –s option
How to Lock Down the MySQL Service
- SYS privileges
Privilege Descriptions
- syslog.conf file
Files That Contain Privilege Information
- System Administrator rights profile
- assigning to role
Distribution of Rights
- description
Rights Profiles Reference
- system properties
- privileges relating to
Privilege Descriptions
- system security
- privileges
Process Rights Management
- using rights
User and Process Rights Provide an Alternative to the Superuser Model
- System V IPC privileges
Privilege Descriptions
T
- third-party applications
- creating rights profiles for
Creating a Rights Profile for Administrators of a Third-Party Application
- troubleshooting
- assigning passwords for cron jobs
Using the openldap System Account to Run a
cron Job
- failed use of privilege
How to Determine Which Privileges a Program Requires
- lack of privilege
How to Determine Which Privileges a Program Requires
- non-UNIX passwords
Using the openldap System Account to Run a
cron Job
- privilege requirements
How to Determine Which Privileges a Program Requires
- rights
How to Troubleshoot Rights Assignments
- rights assignments
How to Troubleshoot Rights Assignments
- root as a role
Preventing the root Role From Being Used to Maintain a System
- user running privileged commands
How to Troubleshoot Rights Assignments
- user running privileged shell
Determining Whether You Are Using a Profile Shell
- truss -t command
- for privilege debugging
Using the truss Command to Examine Privilege Use
- trusted users
- assigning extended privileges to
Enabling a Trusted User to Read Extended Accounting Files
- assigning roles to
Adding a Role to a User
Using ARMOR Roles
- creating
Expanding Users' Rights
Creating a Role
- profile shell as login shell
Creating a Trusted User to Administer DHCP
U
- –U option
- list_devices command
Commands and Associated Authorizations
- umask value, making more restrictive
How to Set a More Restrictive umask Value for
Regular Users
- unlocking user account
How to Set Account Locking for Regular Users
- user procedures
- assuming a role
Assuming an ARMOR Role
- protecting own files from application access
Users Locking Down the Applications That They Run
- using an assigned role
Assuming an ARMOR Role
- using extended privileges
Users Locking Down the Applications That They Run
- user_attr database
user_attr Database
Rights Databases
- useradd command
- authorizations required for
Commands and Associated Authorizations
- description
Rights Administration Commands
- example of using
Creating a Login for a Trusted User
- userattr command
- description
Rights Administration Commands
- use
How to Troubleshoot Rights Assignments
Preventing the root Role From Being Used to Maintain a System
Removing Privileges From a User's Limit Set
- userdel command
- authorizations required for
Commands and Associated Authorizations
- description
Rights Administration Commands
- usermod command
- authorizations required for
Commands and Associated Authorizations
- description
Rights Administration Commands
- –R option
Changing the root User Into the root Role
Caching Authentication for Ease of Role Use
- using to assign role
Creating a Role
- users
- assigning
- authenticated rights profiles
Requiring a User to Type Password Before Administering DHCP
- privileges to
Assigning Privileges Directly to a User
- rights
Assigning Rights to Users
- rights defaults
policy.conf File
- rights profiles
Creating a Trusted User to Administer DHCP
- authenticating to rights profile
Assigning Rights Profiles in a Specific Order
Modifying a Rights Profile to Enable a User to Use Own Password for Role Password
- authenticating to role
How to Reorder Assigned Rights
Enabling a User to Use Own Password for Role Password
- basic privilege set
How Privileges Are Implemented
- creating root user
How to Change the root Role Into a User
- creating with useradd command
Creating a Role
- determining hosts where attributes are valid
Listing Qualified Attributes
- determining if running a profile shell
Determining Whether You Are Using a Profile Shell
- determining own privileged commands
Listing Privileges
- expanding rights
Expanding Users' Rights
- file permissions
- restricting
How to Set a More Restrictive umask Value for
Regular Users
- guest restrictions
Preventing Guests From Spawning Editor Subprocesses
- initial inheritable privileges
How Privileges Are Implemented
- locking account
How to Set Account Locking for Regular Users
- managing third-party accounts
Creating a Rights Profile for Administrators of a Third-Party Application
- protecting their files from access by applications
Users Locking Down the Applications That They Run
- protecting their files from web application access
Users Locking Down the Applications That They Run
- removing basic privileges
How to Remove Unneeded Basic Privileges From Users
- removing rights
Restricting Users' Rights
- requiring use of one-time password
Restricting Users' Rights
- restricting control of hardware
How to Remove Power Management Capability From Users
- restricting file permissions
How to Set a More Restrictive umask Value for
Regular Users
- troubleshooting running privileged commands
How to Troubleshoot Rights Assignments
- umask value
How to Set a More Restrictive umask Value for
Regular Users
- unlocking accounts of
How to Set Account Locking for Regular Users
- using rights profile
Assigning Rights Profiles in a Specific Order
Modifying a Rights Profile to Enable a User to Use Own Password for Role Password
- using
- auths command
How to Create an Authorization
- getent command
Listing Privileges
Listing the Contents of the Rights Profiles Database
Listing the Content of the Authorizations Database
Changing the root User Into the root Role
- ipadm set-prop command
How to Lock Down the MySQL Service
- ppriv command
Listing the Privileges in Your Current Shell
Listing the Privileges in Your Current Shell
- profiles command
Modifying a Rights Profile to Enable a User to Use Own Password for Role Password
Creating and Assigning a Role to Administer Cryptographic Services
- rights defaults
Listing Rights and Their Definitions
- rolemod command
Assigning Privileges Directly to a Role
- roles command
Listing Your Assigned Roles
- sudo command
Deciding Which Rights Model to Use for Administration
- svccfg command
How to Troubleshoot Rights Assignments
How to Apply Extended Privilege Policy to a Port
- svcprop command
How to Lock Down the MySQL Service
- truss command
Using the truss Command to Examine Privilege Use
- usermod command
Assigning Privileges Directly to a User
- your assigned administrative rights
Using Your Assigned Administrative Rights
V
- viewing
- contents of rights profiles
Viewing the Contents of Rights Profiles
- directly assigned privileges
Assigning Privileges Directly to a User
- privileges in a shell
Listing the Privileges in Your Current Shell
Adding to a Role's Basic Privileges
- privileges on a process
Listing the Privileges in Your Current Shell
- rights of initial user
Listing Rights and Their Definitions
- your rights
Listing Rights and Their Definitions
- VSCAN Management rights profile
- cloning to modify
Cloning and Removing Selected Rights From a Rights Profile
W
- web browsers
- assigning limited privileges
Running a Browser in a Protected Environment
- web servers
- Apache HTTP Server
How to Assign Specific Privileges to the Apache HTTP Server
- checking protections
How to Determine Which Privileges the Apache HTTP Server Is Using
- protecting with extended privileges
How to Assign Specific Privileges to the Apache HTTP Server
- wildcard characters
- in authorizations
Authorization Naming Conventions
Z
- zone.max-locked-memory resource control
Privileges and Resource Management