exec_attr.txt revision 12206:96c3e6ae396d
1# Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
2
3#
4# /etc/security/exec_attr
5#
6# Execution attributes for rights profiles; see exec_attr(4).
7# Entry format: name:policy:type:res1:res2:id:attr
8#
# "All" profile: the command (id) field is the wildcard `*` and the attribute
# field is empty, so this entry matches every command and assigns no
# uid/gid/privs attribute.
9All:suser:cmd:::*:
# Audit Control: bsmconv, bsmunconv, audit, auditconfig and auditd. The suser
# entries use uid=0 or euid=0; /usr/sbin/audit additionally has a solaris-policy
# entry that lists three privileges instead of a uid.
10Audit Control:suser:cmd:::/etc/security/bsmconv:uid=0
11Audit Control:suser:cmd:::/etc/security/bsmunconv:uid=0
12Audit Control:solaris:cmd:::/usr/sbin/audit:privs=sys_audit,file_dac_read,proc_owner
13Audit Control:suser:cmd:::/usr/sbin/audit:euid=0
14Audit Control:suser:cmd:::/usr/sbin/auditconfig:euid=0
15Audit Control:suser:cmd:::/usr/sbin/auditd:uid=0
# Audit Review: auditreduce, auditstat and praudit, each with euid=0.
16Audit Review:suser:cmd:::/usr/sbin/auditreduce:euid=0
17Audit Review:suser:cmd:::/usr/sbin/auditstat:euid=0
18Audit Review:suser:cmd:::/usr/sbin/praudit:euid=0
# Contract Observer: one solaris-policy entry, continued onto a second line
# with a trailing backslash, granting ctwatch two contract privileges.
19Contract Observer:solaris:cmd:::/usr/bin/ctwatch:\
20	privs=contract_event,contract_observer
21Cron Management:suser:cmd:::/usr/bin/crontab:euid=0
# Crypto Management: cryptoadm, kmfcfg, openssl and CA.pl all run with euid=0.
# NOTE(review): openssl is a general-purpose tool; treat assignment of this
# profile as a high-privilege grant when auditing prof_attr/user_attr.
22Crypto Management:suser:cmd:::/usr/sbin/cryptoadm:euid=0
23Crypto Management:suser:cmd:::/usr/bin/kmfcfg:euid=0
24Crypto Management:suser:cmd:::/usr/sfw/bin/openssl:euid=0
25Crypto Management:suser:cmd:::/usr/sfw/bin/CA.pl:euid=0
26DHCP Management:suser:cmd:::/usr/lib/inet/dhcp/svcadm/dhcpconfig:uid=0
27DHCP Management:suser:cmd:::/usr/lib/inet/dhcp/svcadm/dhtadm:uid=0
28DHCP Management:suser:cmd:::/usr/lib/inet/dhcp/svcadm/pntadm:uid=0
# Device Management and Device Security both list add_drv, rem_drv and
# update_drv with uid=0, so either profile allows driver changes as uid 0.
29Device Management:suser:cmd:::/usr/sbin/allocate:uid=0
30Device Management:suser:cmd:::/usr/sbin/add_drv:uid=0
31Device Management:suser:cmd:::/usr/sbin/deallocate:uid=0
32Device Management:suser:cmd:::/usr/sbin/rem_drv:uid=0
33Device Management:suser:cmd:::/usr/sbin/update_drv:uid=0
34Device Security:suser:cmd:::/usr/sbin/add_drv:uid=0
35Device Security:suser:cmd:::/usr/sbin/devfsadm:uid=0
36Device Security:suser:cmd:::/usr/sbin/eeprom:uid=0
# kbd is the only solaris-policy entry in Device Security; it sets uid and gid
# rather than a privs list.
37Device Security:solaris:cmd:::/usr/bin/kbd:uid=0;gid=sys
38Device Security:suser:cmd:::/usr/sbin/list_devices:euid=0
39Device Security:suser:cmd:::/usr/sbin/rem_drv:uid=0
40Device Security:suser:cmd:::/usr/sbin/strace:euid=0
41Device Security:suser:cmd:::/usr/sbin/update_drv:uid=0
42Device Security:suser:cmd:::/usr/sbin/add_allocatable:euid=0
43Device Security:suser:cmd:::/usr/sbin/remove_allocatable:euid=0
# FTP Management: ftpshut and privatepw also set egid=sys alongside the uid.
44FTP Management:suser:cmd:::/usr/sbin/ftpaddhost:uid=0
45FTP Management:suser:cmd:::/usr/sbin/ftpconfig:uid=0
46FTP Management:suser:cmd:::/usr/sbin/ftprestart:euid=0
47FTP Management:suser:cmd:::/usr/sbin/ftpshut:euid=0;egid=sys
48FTP Management:suser:cmd:::/usr/sbin/privatepw:uid=0;egid=sys
# File System Management: the largest profile in this file. /sbin/mount and
# /sbin/umount get only the sys_mount privilege under the solaris policy, while
# /usr/sbin/mount and /usr/sbin/umount further down get uid=0 under suser.
49File System Management:solaris:cmd:::/sbin/mount:privs=sys_mount
50File System Management:solaris:cmd:::/sbin/umount:privs=sys_mount
51File System Management:suser:cmd:::/usr/bin/eject:euid=0
# NOTE(review): mkdir and rmdir are general-purpose commands and run with
# euid=0 here, so holders of this profile can create or remove directories
# anywhere; account for that when reviewing who is assigned the profile.
52File System Management:suser:cmd:::/usr/bin/mkdir:euid=0
53File System Management:suser:cmd:::/usr/bin/rmdir:euid=0
54File System Management:suser:cmd:::/usr/lib/autofs/automountd:euid=0
55File System Management:suser:cmd:::/usr/lib/fs/autofs/automount:euid=0
56File System Management:suser:cmd:::/usr/lib/fs/nfs/showmount:euid=0
57File System Management:suser:cmd:::/usr/lib/fs/ufs/fsirand:euid=0
58File System Management:suser:cmd:::/usr/lib/fs/ufs/newfs:euid=0
59File System Management:suser:cmd:::/usr/lib/fs/ufs/tunefs:uid=0
60File System Management:suser:cmd:::/usr/sbin/clri:euid=0
61File System Management:suser:cmd:::/usr/sbin/devinfo:euid=0
62File System Management:suser:cmd:::/usr/sbin/dfmounts:euid=0
63File System Management:suser:cmd:::/usr/sbin/dfshares:euid=0
64File System Management:suser:cmd:::/usr/sbin/ff:euid=0
65File System Management:suser:cmd:::/usr/sbin/format:euid=0
66File System Management:suser:cmd:::/usr/sbin/fsck:euid=0
67File System Management:suser:cmd:::/usr/sbin/fsdb:euid=0
68File System Management:suser:cmd:::/usr/sbin/fstyp:euid=0
69File System Management:suser:cmd:::/usr/sbin/fuser:euid=0
# iscsiadm combines euid=0 with privs=basic; raidctl (below) combines a privs
# list with euid=0. Attribute order within the field differs between the two.
70File System Management:solaris:cmd:::/usr/sbin/iscsiadm:euid=0;privs=basic
71File System Management:suser:cmd:::/usr/sbin/mkfile:euid=0
72File System Management:suser:cmd:::/usr/sbin/mkfs:euid=0
73File System Management:suser:cmd:::/usr/sbin/mount:uid=0
74File System Management:suser:cmd:::/usr/sbin/mountall:uid=0
75File System Management:solaris:cmd:::/usr/sbin/mpathadm:privs=sys_devices
# The quota commands use the solaris policy but set uid=0;gid=sys rather than
# a privs list.
76File System Management:solaris:cmd:::/usr/sbin/quotacheck:uid=0;gid=sys
77File System Management:solaris:cmd:::/usr/sbin/quotaoff:uid=0;gid=sys
78File System Management:solaris:cmd:::/usr/sbin/quotaon:uid=0;gid=sys
79File System Management:solaris:cmd:::/usr/sbin/raidctl:privs=sys_config,sys_devices;euid=0
80File System Management:suser:cmd:::/usr/sbin/ramdiskadm:euid=0
81File System Management:solaris:cmd:::/usr/sbin/sasinfo:privs=sys_devices
82File System Management:solaris:cmd:::/usr/sbin/sbdadm:privs=sys_devices
# The share/unshare family runs with uid=0 and gid=root.
83File System Management:suser:cmd:::/usr/sbin/share:uid=0;gid=root
84File System Management:suser:cmd:::/usr/sbin/sharemgr:uid=0;gid=root
85File System Management:suser:cmd:::/usr/sbin/shareall:uid=0;gid=root
86File System Management:solaris:cmd:::/usr/sbin/stmfadm:privs=sys_devices
87File System Management:suser:cmd:::/usr/sbin/swap:euid=0
88File System Management:suser:cmd:::/usr/sbin/umount:uid=0
89File System Management:suser:cmd:::/usr/sbin/umountall:uid=0
90File System Management:suser:cmd:::/usr/sbin/unshare:uid=0;gid=root
91File System Management:suser:cmd:::/usr/sbin/unshareall:uid=0;gid=root
# IP Filter Management: every entry uses the solaris policy with the single
# privilege sys_ip_config and no uid; ipfstat, ipnat and ippool also set gid=sys.
92IP Filter Management:solaris:cmd:::/usr/sbin/ipf:privs=sys_ip_config
93IP Filter Management:solaris:cmd:::/usr/sbin/ipfs:privs=sys_ip_config
94IP Filter Management:solaris:cmd:::/usr/sbin/ipmon:privs=sys_ip_config
95IP Filter Management:solaris:cmd:::/usr/sbin/ipfstat:privs=sys_ip_config;gid=sys
96IP Filter Management:solaris:cmd:::/usr/sbin/ipnat:privs=sys_ip_config;gid=sys
97IP Filter Management:solaris:cmd:::/usr/sbin/ippool:privs=sys_ip_config;gid=sys
# Kerberos Server Management: the two daemons (krb5kdc, kadmind) run with uid=0;
# the administrative tools pair euid=0 with privs=none.
# NOTE(review): confirm against exec_attr(4) how an explicit privs=none
# combines with euid=0 before relying on it as a restriction.
98Kerberos Server Management:solaris:cmd:::/usr/lib/krb5/krb5kdc:uid=0
99Kerberos Server Management:solaris:cmd:::/usr/lib/krb5/kadmind:uid=0
100Kerberos Server Management:solaris:cmd:::/usr/lib/krb5/kprop:euid=0;privs=none
101Kerberos Server Management:solaris:cmd:::/usr/sbin/kadmin.local:euid=0;privs=none
102Kerberos Server Management:solaris:cmd:::/usr/sbin/kdb5_util:euid=0;privs=none
103Kerberos Server Management:solaris:cmd:::/usr/sbin/kdb5_ldap_util:euid=0;privs=none
104Kerberos Server Management:solaris:cmd:::/usr/sbin/kdcmgr:euid=0;privs=none
# Kerberos Client Management: klist is the one entry that names a privilege
# (file_dac_read); kadmin and kclient use privs=none.
105Kerberos Client Management:solaris:cmd:::/usr/bin/klist:euid=0;privs=file_dac_read
106Kerberos Client Management:solaris:cmd:::/usr/sbin/kadmin:euid=0;privs=none
107Kerberos Client Management:solaris:cmd:::/usr/sbin/kclient:euid=0;privs=none
108Log Management:suser:cmd:::/usr/sbin/logadm:euid=0
# Mail Management: sendmail runs with uid=0, the map/alias tools with euid=0.
109Mail Management:suser:cmd:::/usr/lib/sendmail:uid=0
110Mail Management:suser:cmd:::/usr/sbin/editmap:euid=0
111Mail Management:suser:cmd:::/usr/sbin/makemap:euid=0
112Mail Management:suser:cmd:::/usr/sbin/newaliases:euid=0
# Maintenance and Repair: mdb, pcitool and ucodeadm are granted privs=all under
# the solaris policy, i.e. the complete privilege set for that command; mdb
# also has an suser entry with euid=0.
# NOTE(review): because of the privs=all entries, audit assignments of this
# profile with the same care as direct root access.
113Maintenance and Repair:solaris:cmd:::/usr/bin/mdb:privs=all
114Maintenance and Repair:suser:cmd:::/usr/bin/mdb:euid=0
115Maintenance and Repair:solaris:cmd:::/usr/bin/coreadm:euid=0;privs=proc_owner
116Maintenance and Repair:suser:cmd:::/usr/bin/date:euid=0
117Maintenance and Repair:suser:cmd:::/usr/bin/ldd:euid=0
118Maintenance and Repair:suser:cmd:::/usr/bin/vmstat:euid=0
# eeprom is listed here with euid=0 and under Device Security with uid=0.
119Maintenance and Repair:suser:cmd:::/usr/sbin/eeprom:euid=0
120Maintenance and Repair:suser:cmd:::/usr/sbin/halt:euid=0
121Maintenance and Repair:suser:cmd:::/sbin/init:uid=0
122Maintenance and Repair:solaris:cmd:::/usr/sbin/pcitool:privs=all
123Maintenance and Repair:suser:cmd:::/usr/sbin/poweroff:uid=0
124Maintenance and Repair:suser:cmd:::/usr/sbin/prtconf:euid=0
125Maintenance and Repair:suser:cmd:::/usr/sbin/reboot:uid=0
126Maintenance and Repair:suser:cmd:::/usr/sbin/syslogd:euid=0
127Maintenance and Repair:suser:cmd:::/sbin/bootadm:euid=0
128Maintenance and Repair:solaris:cmd:::/usr/sbin/ucodeadm:privs=all
# Media Backup / Media Restore: mt and tar appear in both profiles with euid=0;
# ufsdump additionally sets gid=sys.
# NOTE(review): tar and cpio are general-purpose archivers running with euid=0
# here; treat both profiles as granting read/write reach over the whole
# file system when reviewing assignments.
129Media Backup:suser:cmd:::/usr/bin/mt:euid=0
130Media Backup:suser:cmd:::/usr/lib/fs/ufs/ufsdump:euid=0;gid=sys
131Media Backup:suser:cmd:::/usr/sbin/tar:euid=0
# Media Catalog: bart gets two read/search privileges and no uid change
# (entry continues on the next line).
132Media Catalog:solaris:cmd:::/usr/bin/bart:\
133	privs=file_dac_read,file_dac_search
134Media Restore:suser:cmd:::/usr/bin/cpio:euid=0
135Media Restore:suser:cmd:::/usr/bin/mt:euid=0
136Media Restore:suser:cmd:::/usr/lib/fs/ufs/ufsrestore:euid=0
137Media Restore:suser:cmd:::/usr/sbin/tar:euid=0
138Name Service Management:suser:cmd:::/usr/sbin/nscd:euid=0
# Name Service Security: chkey and newkey use euid=0, ldapclient uses uid=0.
139Name Service Security:suser:cmd:::/usr/bin/chkey:euid=0
140Name Service Security:suser:cmd:::/usr/sbin/ldapclient:uid=0
141Name Service Security:suser:cmd:::/usr/sbin/newkey:euid=0
# Network Management: the solaris-policy entries for the link and IP tools run
# as the dladm/netadm accounts with a short privilege list instead of uid 0;
# the suser entries further down fall back to uid=0 or euid=0.
142Network Management:solaris:cmd:::/sbin/ifconfig:uid=0
143Network Management:solaris:cmd:::/sbin/route:privs=sys_ip_config
144Network Management:solaris:cmd:::/sbin/routeadm:euid=0;\
145	privs=proc_chroot,proc_owner,sys_ip_config
# NOTE(review): dladm is given egid=netadm here but egid=sys in the
# Network Link Security entry below — confirm which group is intended.
146Network Management:solaris:cmd:::/sbin/dladm:euid=dladm;egid=netadm;\
147	privs=sys_dl_config,net_rawaccess,proc_audit
# dlstat and flowstat end with a trailing ';' and carry no privs list.
148Network Management:solaris:cmd:::/sbin/dlstat:euid=dladm;egid=sys;
149Network Management:solaris:cmd:::/sbin/flowadm:euid=dladm;egid=sys;\
150	privs=sys_dl_config,net_rawaccess,proc_audit
151Network Management:solaris:cmd:::/sbin/flowstat:euid=dladm;egid=sys;
152Network Management:solaris:cmd:::/sbin/ipadm:euid=netadm;egid=netadm;\
153	privs=sys_ip_config,net_rawaccess
154Network Management:suser:cmd:::/usr/bin/netstat:uid=0
155Network Management:suser:cmd:::/usr/bin/rup:euid=0
156Network Management:suser:cmd:::/usr/bin/ruptime:euid=0
157Network Management:suser:cmd:::/usr/bin/setuname:euid=0
158Network Management:suser:cmd:::/usr/sbin/asppp2pppd:euid=0
159Network Management:suser:cmd:::/usr/sbin/ifconfig:uid=0
160Network Management:suser:cmd:::/usr/sbin/ipaddrsel:euid=0
161Network Management:suser:cmd:::/usr/sbin/ipqosconf:euid=0
# NOTE(review): rndc is the only entry in this file that pairs the suser policy
# with a privs= attribute; every other privs= entry uses the solaris policy.
# Confirm the policy field is intended and that the attribute takes effect.
162Network Management:suser:cmd:::/usr/sbin/rndc:privs=file_dac_read
163Network Management:suser:cmd:::/usr/sbin/route:uid=0
# snoop has three entries: suser uid=0 and solaris net_observability under
# Network Management, and solaris net_observability under Network Observability.
164Network Management:suser:cmd:::/usr/sbin/snoop:uid=0
165Network Management:solaris:cmd:::/usr/sbin/snoop:privs=net_observability
166Network Management:suser:cmd:::/usr/sbin/spray:euid=0
167Network Observability:solaris:cmd:::/usr/sbin/snoop:privs=net_observability
168Network Link Security:solaris:cmd:::/sbin/dladm:euid=dladm;egid=sys;\
169	privs=sys_dl_config,net_rawaccess,proc_audit
170Network Link Security:solaris:cmd:::/sbin/dlstat:euid=dladm;egid=sys;
# Network IPsec Management: the same nine commands are listed twice, first
# under the solaris policy (euid/uid plus a privs value) and then under suser
# (euid/uid only).
171Network IPsec Management:solaris:cmd:::/usr/lib/inet/certdb:euid=0;privs=none
172Network IPsec Management:solaris:cmd:::/usr/lib/inet/certlocal:euid=0;privs=none
173Network IPsec Management:solaris:cmd:::/usr/lib/inet/certrldb:euid=0;privs=none
174Network IPsec Management:solaris:cmd:::/usr/lib/inet/in.iked:euid=0
175Network IPsec Management:solaris:cmd:::/usr/sbin/ikeadm:euid=0;privs=file_dac_write
176Network IPsec Management:solaris:cmd:::/usr/sbin/ikecert:euid=0;privs=none
177Network IPsec Management:solaris:cmd:::/usr/sbin/ipsecconf:euid=0;privs=sys_ip_config
178Network IPsec Management:solaris:cmd:::/usr/sbin/ipseckey:uid=0;privs=sys_ip_config
179Network IPsec Management:solaris:cmd:::/usr/sbin/ipsecalgs:privs=sys_ip_config
180Network IPsec Management:suser:cmd:::/usr/lib/inet/certdb:euid=0
181Network IPsec Management:suser:cmd:::/usr/lib/inet/certlocal:euid=0
182Network IPsec Management:suser:cmd:::/usr/lib/inet/certrldb:euid=0
183Network IPsec Management:suser:cmd:::/usr/lib/inet/in.iked:euid=0
184Network IPsec Management:suser:cmd:::/usr/sbin/ikeadm:euid=0
185Network IPsec Management:suser:cmd:::/usr/sbin/ikecert:euid=0
186Network IPsec Management:suser:cmd:::/usr/sbin/ipsecconf:euid=0
187Network IPsec Management:suser:cmd:::/usr/sbin/ipseckey:uid=0
188Network IPsec Management:suser:cmd:::/usr/sbin/ipsecalgs:euid=0
# Network Security: ksslcfg with euid=0 and ssh-keygen with uid=0;gid=sys.
189Network Security:solaris:cmd:::/usr/sbin/ksslcfg:euid=0
190Network Security:suser:cmd:::/usr/bin/ssh-keygen:uid=0;gid=sys
# Object Access Management: under the solaris policy chgrp/chown get file_chown
# and chmod/setfacl get file_owner; under suser the same commands, plus
# getfacl, run with euid=0.
191Object Access Management:solaris:cmd:::/usr/bin/chgrp:privs=file_chown
192Object Access Management:solaris:cmd:::/usr/bin/chmod:privs=file_owner
193Object Access Management:solaris:cmd:::/usr/bin/chown:privs=file_chown
194Object Access Management:solaris:cmd:::/usr/bin/setfacl:privs=file_owner
195Object Access Management:suser:cmd:::/usr/bin/chgrp:euid=0
196Object Access Management:suser:cmd:::/usr/bin/chmod:euid=0
197Object Access Management:suser:cmd:::/usr/bin/chown:euid=0
198Object Access Management:suser:cmd:::/usr/bin/getfacl:euid=0
199Object Access Management:suser:cmd:::/usr/bin/setfacl:euid=0
# Primary Administrator: wildcard command `*` with uid=0;gid=0, so every
# command run through this profile executes as uid 0 / gid 0. Assigning the
# profile is therefore equivalent to granting root; keep its membership minimal
# and include it in any review of privileged accounts.
200Primary Administrator:solaris:cmd:::*:uid=0;gid=0
# Printer Management: commands run as the lp account rather than uid 0, except
# ppdmgr (euid=0).
# NOTE(review): the lpadmin entry ends with a trailing space after gid=lp, and
# lpfilter sets both euid=lp and uid=lp — confirm both are intended.
201Printer Management:suser:cmd:::/usr/lib/lp/local/lpadmin:uid=lp;gid=lp 
202Printer Management:suser:cmd:::/usr/sbin/lpfilter:euid=lp;uid=lp
203Printer Management:suser:cmd:::/usr/sbin/lpforms:euid=lp
204Printer Management:suser:cmd:::/usr/sbin/lpusers:euid=lp
205Printer Management:suser:cmd:::/usr/sbin/ppdmgr:euid=0
# Process Management: the solaris entries grant proc_owner (plus proc_priocntl
# for nice/renice) instead of a uid; the suser entries below cover a wider set
# of process tools with euid=0.
206Process Management:solaris:cmd:::/usr/bin/kill:privs=proc_owner
207Process Management:solaris:cmd:::/usr/bin/nice:privs=proc_owner,proc_priocntl
208Process Management:solaris:cmd:::/usr/bin/pcred:privs=proc_owner
209Process Management:solaris:cmd:::/usr/bin/pfiles:privs=proc_owner
210Process Management:solaris:cmd:::/usr/bin/pflags:privs=proc_owner
211Process Management:solaris:cmd:::/usr/bin/ppriv:privs=proc_owner
212Process Management:solaris:cmd:::/usr/bin/renice:privs=proc_owner,proc_priocntl
# crontab is also listed under Cron Management, and fuser under
# File System Management, with the same euid=0 attribute.
213Process Management:suser:cmd:::/usr/bin/crontab:euid=0
214Process Management:suser:cmd:::/usr/bin/kill:euid=0
215Process Management:suser:cmd:::/usr/bin/nice:euid=0
216Process Management:suser:cmd:::/usr/bin/pcred:euid=0
217Process Management:suser:cmd:::/usr/bin/pfiles:euid=0
218Process Management:suser:cmd:::/usr/bin/pflags:euid=0
219Process Management:suser:cmd:::/usr/bin/pldd:euid=0
220Process Management:suser:cmd:::/usr/bin/pmap:euid=0
221Process Management:suser:cmd:::/usr/bin/prun:euid=0
222Process Management:suser:cmd:::/usr/bin/ps:euid=0
223Process Management:suser:cmd:::/usr/bin/psig:euid=0
224Process Management:suser:cmd:::/usr/bin/pstack:euid=0
225Process Management:suser:cmd:::/usr/bin/pstop:euid=0
226Process Management:suser:cmd:::/usr/bin/ptime:euid=0
227Process Management:suser:cmd:::/usr/bin/ptree:euid=0
228Process Management:suser:cmd:::/usr/bin/pwait:euid=0
229Process Management:suser:cmd:::/usr/bin/pwdx:euid=0
230Process Management:suser:cmd:::/usr/bin/renice:euid=0
231Process Management:suser:cmd:::/usr/bin/truss:euid=0
232Process Management:suser:cmd:::/usr/sbin/fuser:euid=0
233Process Management:solaris:cmd:::/usr/sbin/rcapadm:uid=0
# Project Management: projadd, projmod and projdel with euid=0.
234Project Management:solaris:cmd:::/usr/sbin/projadd:euid=0
235Project Management:solaris:cmd:::/usr/sbin/projmod:euid=0
236Project Management:solaris:cmd:::/usr/sbin/projdel:euid=0
# Software Installation: the pkg* tools run with uid=0 (pkgadd and pkgrm also
# set gid=bin); ln, make and install run with euid=0.
# NOTE(review): ln, make and install are general-purpose tools, so this
# profile gives its holders broad write access as euid 0; review assignments
# accordingly.
237Software Installation:suser:cmd:::/usr/bin/ln:euid=0
238Software Installation:suser:cmd:::/usr/bin/pkginfo:uid=0
239Software Installation:suser:cmd:::/usr/bin/pkgmk:uid=0
240Software Installation:suser:cmd:::/usr/bin/pkgparam:uid=0
241Software Installation:suser:cmd:::/usr/bin/pkgproto:uid=0
242Software Installation:suser:cmd:::/usr/bin/pkgtrans:uid=0
243Software Installation:suser:cmd:::/usr/ccs/bin/make:euid=0
244Software Installation:suser:cmd:::/usr/sbin/install:euid=0
245Software Installation:suser:cmd:::/usr/sbin/pkgadd:uid=0;gid=bin
246Software Installation:suser:cmd:::/usr/sbin/pkgask:uid=0
247Software Installation:suser:cmd:::/usr/sbin/pkgchk:uid=0
248Software Installation:suser:cmd:::/usr/sbin/pkgrm:uid=0;gid=bin
249System Event Management:suser:cmd:::/usr/sbin/syseventadm:uid=0
# User Management: the checkers (grpck, pwck) use suser/euid=0; the account,
# role and group add/del/mod commands use the solaris policy with uid=0.
250User Management:suser:cmd:::/usr/sbin/grpck:euid=0
251User Management:suser:cmd:::/usr/sbin/pwck:euid=0
252User Management:solaris:cmd:::/usr/sbin/useradd:uid=0
253User Management:solaris:cmd:::/usr/sbin/userdel:uid=0
254User Management:solaris:cmd:::/usr/sbin/usermod:uid=0
255User Management:solaris:cmd:::/usr/sbin/roleadd:uid=0
256User Management:solaris:cmd:::/usr/sbin/roledel:uid=0
257User Management:solaris:cmd:::/usr/sbin/rolemod:uid=0
258User Management:solaris:cmd:::/usr/sbin/groupadd:uid=0
259User Management:solaris:cmd:::/usr/sbin/groupdel:uid=0
260User Management:solaris:cmd:::/usr/sbin/groupmod:uid=0
# User Security: passwd and passmgmt run with uid=0; pwck is repeated from
# User Management with the same euid=0 attribute.
261User Security:suser:cmd:::/usr/bin/passwd:uid=0
262User Security:solaris:cmd:::/usr/sbin/passmgmt:uid=0
263User Security:suser:cmd:::/usr/sbin/pwck:euid=0
264User Security:suser:cmd:::/usr/sbin/pwconv:euid=0
265DAT Administration:solaris:cmd:::/usr/sbin/datadm:euid=0
# ZFS: zfs runs with euid=0, while zpool and availdevs run with uid=0.
266ZFS File System Management:solaris:cmd:::/sbin/zfs:euid=0
267ZFS Storage Management:solaris:cmd:::/sbin/zpool:uid=0
268ZFS Storage Management:solaris:cmd:::/usr/lib/zfs/availdevs:uid=0
# Zone Management: all four commands, including zlogin, run with uid=0.
269Zone Management:solaris:cmd:::/usr/sbin/txzonemgr:uid=0
270Zone Management:solaris:cmd:::/usr/sbin/zonecfg:uid=0
271Zone Management:solaris:cmd:::/usr/sbin/zoneadm:uid=0
272Zone Management:solaris:cmd:::/usr/sbin/zlogin:uid=0
# The last profile is named after its single command (lower-case "acctadm")
# and combines euid=0, egid=0 and two named privileges.
273acctadm:solaris:cmd:::/usr/sbin/acctadm:euid=0;egid=0;privs=sys_acct,file_dac_write
274