pfedit - per-file authorized edit of administrative files
pfedit [-r] [-s] file
The pfedit command allows authorized users to edit system configuration files. The file argument is a pathname of the file to be edited. If file is not an absolute pathname, the pathname of the current working directory is prepended, and all further processing proceeds as if that were the argument. The invoking user must have the authorization solaris.admin.edit/path_to_file or the blanket authorization solaris.admin.edit. The pfedit command allows use of symbolic links, by also checking for authorization for the realpath(3C) of file.
The pfedit command creates a copy of file owned by the invoking user, then invokes an editor on that file using the id and privileges of the invoking user. The default editor is /usr/bin/vi, but can be selected through the use of the EDITOR or VISUAL environment variable; if both are set, VISUAL has precedence. When the user exits the editor and if the copied file has been updated, the updated contents are applied atomically to file. All discretionary access attributes (owner, group, permissions and ACLs) of file are retained, together with any system or extended attributes on the original file. In any case, the user-owned file copy is removed before pfedit exits.
If file does not exist the file will be created with owner root, group root. The file permissions will be 644 (-rw-r--r--) unless the –s option is selected, then the file permissions will be 600 (-rw-------). After creation, the previously described operations are applied that file. If pfedit has been used to create and modify file, the –r option can be used to remove file.
The pfedit command sets a discretionary lock on file, so that simultaneous updates by means of pfedit are prohibited.
The pfedit command is careful not to break hard links to other files. Since the atomic update requires replacement of the existing file with a new one with the updated contents, pfedit will refuse to operate on a file with a link count greater than one.
The pfedit command is restricted to editing text files, and will not accept updates which include non-text characters (NULs).
If configured, in the case of a successful update, an attempt to make unauthorized use, or if an error occurs, an audit record is generated to capture the subject, the file name, the authorization used, the file change if any, and the success or failure of the operation. The audit event type and default class is one of:
AUE_admin_edit:edit administrative file:as AUE_admin_file_create:create administrative file:as AUE_admin_file_remove:remove administrative file:as
The following option is supported:
Remove specified file (if file has been created by pfedit ).
Mark a file "sensitive" (only valid when creating a file with pfedit).
To create a profile with solaris.admin.edit authorization that can be assigned to users to modify /etc/syslog.conf, use the profiles(1) command.
% profiles -p "syslog Configure" profiles: syslog Configure> set auths=solaris.admin.edit/etc/syslog.conf profiles: syslog Configure> set desc="Edit syslog configuration" profiles: syslog Configure> exitExample 2 Modifying /etc/syslog.conf
If a user has the “syslog Configure” profile as configured in the previous example then invoking:
# pfedit /etc/syslog.conf
...creates a copy of /etc/syslog.conf owned by that user, and by default invokes /usr/bin/vi running as that user on the copy. When the user exits the editor, /etc/syslog.conf is atomically updated with the contents saved by the user.
The pfedit command has an exit value of 0 if it completes successfully, and a non-zero value if any part of the operation fails.
See attributes(7) for descriptions of the following attributes:
Oracle Solaris includes administrative configuration files for which use of pfedit and the solaris.admin.edit/ path_to_file authorization is not recommended. Alternate commands exist which are both domain-specific and safer. For example, for the /etc/passwd , /etc/shadow, or /etc/user_attr files, use instead passwd(1), useradd(8), userdel(8), or usermod(8). For the /etc/group file, use instead groupadd(8), groupdel(8), or groupmod(8). For updating /etc/security/auth_attr , /etc/security/exec_attr, or /etc/security/prof_attr , the preferred command is profiles(1).
The ability to modify the contents of some configuration files can be used to escalate the privileges assigned to the user. Assignment of an authorization to edit such a file, or of a profile containing such an authorization, should be considered equivalent to providing full privileged access.
Files with the "sensitive" System Attribute or created with the –s option do not have the contents or content changes included in the audit record.