Mercurial > illumos > illumos-gate
annotate usr/src/lib/libsecdb/prof_attr.txt @ 12016:0248e987199b
PSARC 2009/306 Brussels II - ipadm and libipadm
PSARC 2010/080 Brussels II addendum
6827318 Brussels Phase II aka ipadm(1m)
6731945 need BSD getifaddrs() API
6909065 explicitly disallow non-contiguous netmasks in the next minor release
6853922 ifconfig dumps core when ether address is non-hexadecimal.
6815806 ipReasmTimeout value should be variable
6567083 nd_getset has some dead and confusing code.
6884466 remove unused tcp/sctp ndd tunables
6928813 Comments at odds with default value of tcp_time_wait_interval
6236982 ifconfig usesrc lets adapter use itself as source address
6936855 modifying the ip6_strict_src_multihoming to non-zero value will unbind V4 IREs
author | Girish Moodalbail <Girish.Moodalbail@Sun.COM> |
---|---|
date | Fri, 26 Mar 2010 17:53:11 -0400 |
parents | 5fce03ad05c6 |
children | 96c3e6ae396d |
rev | line source |
---|---|
0 | 1 # |
2 # CDDL HEADER START | |
3 # | |
4 # The contents of this file are subject to the terms of the | |
750
eb6d1eb78fb9
6337435 *prof_attr* Basic Solaris User profile contains authorization typo
gbrunett
parents:
0
diff
changeset
|
5 # Common Development and Distribution License (the "License"). |
eb6d1eb78fb9
6337435 *prof_attr* Basic Solaris User profile contains authorization typo
gbrunett
parents:
0
diff
changeset
|
6 # You may not use this file except in compliance with the License. |
0 | 7 # |
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | |
9 # or http://www.opensolaris.org/os/licensing. | |
10 # See the License for the specific language governing permissions | |
11 # and limitations under the License. | |
12 # | |
13 # When distributing Covered Code, include this CDDL HEADER in each | |
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE. | |
15 # If applicable, add the following below this CDDL HEADER, with the | |
16 # fields enclosed by brackets "[]" replaced with your own identifying | |
17 # information: Portions Copyright [yyyy] [name of copyright owner] | |
18 # | |
19 # CDDL HEADER END | |
20 # | |
750
eb6d1eb78fb9
6337435 *prof_attr* Basic Solaris User profile contains authorization typo
gbrunett
parents:
0
diff
changeset
|
21 |
eb6d1eb78fb9
6337435 *prof_attr* Basic Solaris User profile contains authorization typo
gbrunett
parents:
0
diff
changeset
|
22 # |
11451
84318b5fda90
PSARC/2009/653 VRRP disabled by default
Cathy Zhou <Cathy.Zhou@Sun.COM>
parents:
11076
diff
changeset
|
23 # Copyright 2010 Sun Microsystems, Inc. All rights reserved. |
750
eb6d1eb78fb9
6337435 *prof_attr* Basic Solaris User profile contains authorization typo
gbrunett
parents:
0
diff
changeset
|
24 # Use is subject to license terms. |
eb6d1eb78fb9
6337435 *prof_attr* Basic Solaris User profile contains authorization typo
gbrunett
parents:
0
diff
changeset
|
25 # |
eb6d1eb78fb9
6337435 *prof_attr* Basic Solaris User profile contains authorization typo
gbrunett
parents:
0
diff
changeset
|
26 |
eb6d1eb78fb9
6337435 *prof_attr* Basic Solaris User profile contains authorization typo
gbrunett
parents:
0
diff
changeset
|
27 # |
0 | 28 # /etc/security/prof_attr |
29 # | |
30 # profiles attributes. see prof_attr(4) | |
31 # | |
32 All:::Execute any command as the user or role:help=RtAll.html | |
6561
6bceb97f4a72
6681220 There are still places that say BSM auditing that should say Solaris auditing.
jf206706
parents:
6059
diff
changeset
|
33 Audit Control:::Configure Solaris Auditing:auths=solaris.audit.config,solaris.jobs.admin;help=RtAuditCtrl.html |
6bceb97f4a72
6681220 There are still places that say BSM auditing that should say Solaris auditing.
jf206706
parents:
6059
diff
changeset
|
34 Audit Review:::Review Solaris Auditing logs:auths=solaris.audit.read;help=RtAuditReview.html |
11767
8f30d0e611c6
PSARC/2008/532 NWAM Phase 1
Anurag S. Maskey <Anurag.Maskey@Sun.COM>
parents:
11451
diff
changeset
|
35 Console User:::Manage System as the Console User:profiles=Suspend To RAM,Suspend To Disk,Brightness,CPU Power Management,Network Autoconf User;auths=solaris.system.shutdown;help=RtConsUser.html |
0 | 36 Contract Observer:::Reliably observe any/all contract events:help=RtContractObserver.html |
37 Device Management:::Control Access to Removable Media:auths=solaris.device.*;help=RtDeviceMngmnt.html | |
5307
ea4512a0e608
PSARC/2007/499 Automatic discovery of network attached printers
jacobs
parents:
5137
diff
changeset
|
38 Printer Management:::Manage printers, daemons, spooling:auths=solaris.print.*,solaris.label.print,solaris.smf.manage.discovery.printers.*,solaris.smf.value.discovery.printers.*;help=RtPrntAdmin.html |
0 | 39 Cron Management:::Manage at and cron jobs:auths=solaris.jobs.*,solaris.smf.manage.cron;help=RtCronMngmnt.html |
40 Log Management:::Manage log files:help=RtLogMngmnt.html | |
9430
637732b28916
PSARC 2007/425 Wireless USB support
Raymond Chen <Raymond.Chen@Sun.COM>
parents:
9298
diff
changeset
|
41 Basic Solaris User:::Automatically assigned rights:auths=solaris.profmgr.read,solaris.mail.mailq,solaris.device.mount.removable,solaris.admin.wusb.read;profiles=All;help=RtDefault.html |
7688
2757e6e1bb2a
PSARC 2006/591 Virtual Console
rui zang - Sun Microsystems - Beijing China <Aaron.Zang@Sun.COM>
parents:
7645
diff
changeset
|
42 Device Security:::Manage devices and Volume Manager:auths=solaris.device.*,solaris.smf.manage.vt;help=RtDeviceSecurity.html |
0 | 43 DHCP Management:::Manage the DHCP service:auths=solaris.dhcpmgr.*;help=RtDHCPMngmnt.html |
7103
3cde99325878
PSARC 2008/087 Extended Accounting Conversion to SMF
ml93401
parents:
6654
diff
changeset
|
44 Extended Accounting Flow Management:::Manage the Flow Extended Accounting service:auths=solaris.smf.manage.extended-accounting.flow,solaris.smf.value.extended-accounting.flow;profiles=acctadm;help=RtExActtFlow.html |
3cde99325878
PSARC 2008/087 Extended Accounting Conversion to SMF
ml93401
parents:
6654
diff
changeset
|
45 Extended Accounting Process Management:::Manage the Process Extended Accounting service:auths=solaris.smf.manage.extended-accounting.process,solaris.smf.value.extended-accounting.process;profiles=acctadm;hep=RtExAcctProcess.html |
3cde99325878
PSARC 2008/087 Extended Accounting Conversion to SMF
ml93401
parents:
6654
diff
changeset
|
46 Extended Accounting Task Management:::Manage the Task Extended Accounting service:auths=solaris.smf.manage.extended-accounting.task,solaris.smf.value.extended-accounting.task;profiles=acctadm;help=RtExAcctTask.html |
8275
7c223a798022
PSARC/2006/357 Crossbow - Network Virtualization and Resource Management
Eric Cheng
parents:
8023
diff
changeset
|
47 Extended Accounting Net Management:::Manage the Net Extended Accounting service:auths=solaris.smf.manage.extended-accounting.net,solaris.smf.value.extended-accounting.net;profiles=acctadm;help=RtExActtNet.html |
6007 | 48 File System Management:::Manage, mount, share file systems:profiles=SMB Management,VSCAN Management,SMBFS Management;auths=solaris.smf.manage.autofs,solaris.smf.manage.shares.*,solaris.smf.value.shares.*;help=RtFileSysMngmnt.html |
0 | 49 File System Security:::Manage file system security attributes:help=RtFileSysSecurity.html |
2912
85ea316d9c18
PSARC 2005/399 Tamarack: Removable Media Enhancements in Solaris
artem
parents:
995
diff
changeset
|
50 HAL Management:::Manage HAL SMF service:auths=solaris.smf.manage.hal;help=RtHALMngmnt.html |
10923
df470fd79c3c
PSARC/2008/181 Solaris Hotplug Framework
Evan Yan <Evan.Yan@Sun.COM>
parents:
10793
diff
changeset
|
51 Hotplug Management:::Manage Hotplug Connections:auths=solaris.smf.manage.hotplug,solaris.hotplug.*;help=RtHotplugMgmt.html |
4754
0586690ea7f0
PSARC/2007/399 inetd backlog SMF property: connection_backlog
vp157776
parents:
4746
diff
changeset
|
52 Idmap Name Mapping Management:::Manage Name-based Mapping Rules of Identity Mapping Service:auths=solaris.admin.idmap.rules;help=RtIdmapNameRulesMngmnt.html |
0586690ea7f0
PSARC/2007/399 inetd backlog SMF property: connection_backlog
vp157776
parents:
4746
diff
changeset
|
53 Idmap Service Management:::Manage Identity Mapping Service:auths=solaris.smf.manage.idmap,solaris.smf.value.idmap;help=RtIdmapMngmnt.html |
0586690ea7f0
PSARC/2007/399 inetd backlog SMF property: connection_backlog
vp157776
parents:
4746
diff
changeset
|
54 Inetd Management:::Manage inetd configuration parameters:auths=solaris.smf.manage.inetd,solaris.smf.value.inetd;help=RtInetdMngmnt.html |
0 | 55 Mail Management:::Manage sendmail & queues:auths=solaris.smf.manage.sendmail;help=RtMailMngmnt.html |
10923
df470fd79c3c
PSARC/2008/181 Solaris Hotplug Framework
Evan Yan <Evan.Yan@Sun.COM>
parents:
10793
diff
changeset
|
56 Maintenance and Repair:::Maintain and repair a system:auths=solaris.smf.manage.system-log,solaris.label.range,solaris.smf.manage.coreadm,solaris.smf.value.coreadm;profiles=Hotplug Management;help=RtMaintAndRepair.html |
5622 | 57 Media Backup:::Backup files and file systems:profiles=NDMP Management;help=RtMediaBkup.html |
9298
5ecf9483b3ec
6436517 bart needs to be large files aware to support ZFS roots greater than 2TB
William Young <William.Young@Sun.COM>
parents:
8275
diff
changeset
|
58 Media Catalog:::Catalog files and file systems:help=RtMediaCtlg.html |
5622 | 59 Media Restore:::Restore files and file systems from backups:profiles=NDMP Management;help=RtMediaRestore.html |
7948
6404ef908cc3
6748184 MMS appears to overlook the authorizations, and profiles best practices and the SMF policy
David Major <David.Major@Sun.COM>
parents:
7836
diff
changeset
|
60 MMS Administrator:::MMS Media Manager Administrator:auths=solaris.smf.manage.mms,solaris.smf.value.mms,solaris.mms.*;help=RtMMSAdmin.html |
6404ef908cc3
6748184 MMS appears to overlook the authorizations, and profiles best practices and the SMF policy
David Major <David.Major@Sun.COM>
parents:
7836
diff
changeset
|
61 MMS Operator:::MMS Media Manager Operator:auths=solaris.smf.manage.mms,solaris.mms.media.*,solaris.mms.request.*,solaris.mms.device.state.*,solaris.mms.device.log.*;help=RtMMSOper.html |
6404ef908cc3
6748184 MMS appears to overlook the authorizations, and profiles best practices and the SMF policy
David Major <David.Major@Sun.COM>
parents:
7836
diff
changeset
|
62 MMS User:::MMS Tape User:auths=solaris.mms.io.*;help=RtMMSUser.html |
5622 | 63 NDMP Management:::Manage the NDMP service:auths=solaris.smf.manage.ndmp,solaris.smf.value.ndmp,solaris.smf.read.ndmp;help=RtNdmpMngmnt.html |
11767
8f30d0e611c6
PSARC/2008/532 NWAM Phase 1
Anurag S. Maskey <Anurag.Maskey@Sun.COM>
parents:
11451
diff
changeset
|
64 Network Autoconf Admin:::Manage Network Auto-Magic configuration via nwamd:profiles=Network Autoconf User;auths=solaris.network.autoconf.write,solaris.smf.manage.location,solaris.smf.modify.application;help=RtNetAutoconfAdmin.html |
8f30d0e611c6
PSARC/2008/532 NWAM Phase 1
Anurag S. Maskey <Anurag.Maskey@Sun.COM>
parents:
11451
diff
changeset
|
65 Network Autoconf User:::Network Auto-Magic User:auths=solaris.network.autoconf.read,solaris.network.autoconf.select,solaris.network.autoconf.wlan;help=RtNetAutoconfUser.html |
10946
324bab2b3370
PSARC 2008/575 ILB: Integrated L3/L4 Load balancer
Sangeeta Misra <Sangeeta.Misra@Sun.COM>
parents:
10923
diff
changeset
|
66 Network ILB:::Manage ILB configuration via ilbadm:auths=solaris.network.ilb.config,solaris.network.ilb.enable;help=RtNetILB.html |
11451
84318b5fda90
PSARC/2009/653 VRRP disabled by default
Cathy Zhou <Cathy.Zhou@Sun.COM>
parents:
11076
diff
changeset
|
67 Network VRRP:::Manage VRRP instances:auths=solaris.network.vrrp,solaris.smf.manage.vrrp;help=RtNetVRRP.html |
12016
0248e987199b
PSARC 2009/306 Brussels II - ipadm and libipadm
Girish Moodalbail <Girish.Moodalbail@Sun.COM>
parents:
11876
diff
changeset
|
68 Network Management:::Manage the host and network configuration:auths=solaris.smf.manage.name-service-cache,solaris.smf.manage.bind,solaris.smf.value.routing,solaris.smf.manage.routing,solaris.smf.value.nwam,solaris.smf.manage.nwam,solaris.smf.manage.tnd,solaris.smf.manage.tnctl,solaris.smf.manage.wpa,solaris.smf.value.mdns,solaris.smf.manage.mdns,solaris.smf.manage.ilb,solaris.network.interface.config;profiles=Network Wifi Management,Inetd Management,Network VRRP,Network Observability;help=RtNetMngmnt.html |
8023
faf256d5c16c
PSARC/2006/475 Clearview: IP Observability Devices
Philip Kirk <Phil.Kirk@Sun.COM>
parents:
7948
diff
changeset
|
69 Network Observability:::Allow access to observability devices:privs=net_observability;help=RtNetObservability.html |
11838
32bb5d254240
PSARC 2010/067 Interim modernization updates
Liane Praza <Liane.Praza@Sun.COM>
parents:
11767
diff
changeset
|
70 Network Security:::Manage network and host security:auths=solaris.smf.manage.ssh,solaris.smf.value.tnd,solaris.network.*;profiles=Network Wifi Security,Network Link Security,Network IPsec Management;help=RtNetSecure.html |
995 | 71 Network Wifi Management:::Manage wifi network configuration:auths=solaris.network.wifi.config;help=RtNetWifiMngmnt.html |
72 Network Wifi Security:::Manage wifi network security:auths=solaris.network.wifi.wep;help=RtNetWifiSecure.html | |
3147 | 73 Network Link Security:::Manage network link security:auths=solaris.network.link.security;help=RtNetLinkSecure.html |
4235
037e335b7d68
PSARC 2007/200 - Dedicated SMF services for IPsec/IKE
markfen
parents:
4126
diff
changeset
|
74 Network IPsec Management:::Manage IPsec and IKE:auths=solaris.smf.manage.ipsec,solaris.smf.value.ipsec;help=RtNetIPsec.html |
0 | 75 Name Service Management:::Non-security name service scripts/commands:help=RtNameServiceAdmin.html |
76 Name Service Security:::Security related name service scripts/commands:help=RtNameServiceSecure.html | |
77 Object Access Management:::Change ownership and permission on files:help=RtObAccessMngmnt.html | |
11838
32bb5d254240
PSARC 2010/067 Interim modernization updates
Liane Praza <Liane.Praza@Sun.COM>
parents:
11767
diff
changeset
|
78 Operator:::Can perform simple administrative tasks:profiles=Printer Management,Media Backup,All;help=RtOperator.html |
32bb5d254240
PSARC 2010/067 Interim modernization updates
Liane Praza <Liane.Praza@Sun.COM>
parents:
11767
diff
changeset
|
79 Primary Administrator:::Can perform all administrative tasks:auths=solaris.*,solaris.grant;help=RtPriAdmin.html |
0 | 80 Process Management:::Manage current processes and processors:auths=solaris.smf.manage.cron,solaris.smf.manage.power;help=RtProcManagement.html |
10793
34709091de6d
6886081 Solaris needs reparse point support (PSARC 2009/387)
Dai Ngo <dai.ngo@sun.com>
parents:
9430
diff
changeset
|
81 Reparse Management:::Manage the reparse service:auths=solaris.smf.manage.reparse:help=RtReparseMngmnt.html |
0 | 82 Rights Delegation:::Delegate ability to assign rights to users and roles:auths=solaris.role.delegate,solaris.profmgr.delegate,solaris.grant;help=RtRightsDelegate.html |
2912
85ea316d9c18
PSARC 2005/399 Tamarack: Removable Media Enhancements in Solaris
artem
parents:
995
diff
changeset
|
83 Rmvolmgr Management:::Manage Removable Volume Manager SMF service:auths=solaris.smf.manage.rmvolmgr;help=RtRmvolmgrMngmnt.html |
0 | 84 Service Management:::Manage services:auths=solaris.smf.manage,solaris.smf.modify |
85 Service Operator:::Administer services:auths=solaris.smf.manage,solaris.smf.modify.framework | |
86 Software Installation:::Add application software to the system:help=RtSoftwareInstall.html | |
11838
32bb5d254240
PSARC 2010/067 Interim modernization updates
Liane Praza <Liane.Praza@Sun.COM>
parents:
11767
diff
changeset
|
87 System Administrator:::Can perform most non-security administrative tasks:profiles=Audit Review,Printer Management,Cron Management,Device Management,File System Management,Mail Management,Maintenance and Repair,Media Backup,Media Restore,Name Service Management,Network Management,Object Access Management,Process Management,Software Installation,User Management,Project Management,All;help=RtSysAdmin.html |
0 | 88 System Event Management:::Manage system events and system event channels:help=RtSysEvMngmnt.html |
89 User Management:::Manage users, groups, home directory:auths=solaris.profmgr.read;help=RtUserMngmnt.html | |
4746
0bc0c48f4304
PSARC 2007/254 - Enabling method for Trusted Extensions
rica
parents:
4520
diff
changeset
|
90 User Security:::Manage passwords, clearances:auths=solaris.role.*,solaris.profmgr.*,solaris.label.range;help=RtUserSecurity.html |
0 | 91 FTP Management:::Manage the FTP server:help=RtFTPMngmnt.html |
92 Crypto Management:::Cryptographic Framework Administration:help=RtCryptoMngmnt.html | |
93 Kerberos Client Management:::Maintain and Administer Kerberos excluding the servers:help=RtKerberosClntMngmnt.html | |
94 Kerberos Server Management:::Maintain and Administer Kerberos Servers:profiles=Kerberos Client Management;help=RtKerberosSrvrMngmnt.html | |
95 DAT Administration:::Manage the DAT configuration:help=RtDatAdmin.html | |
5331 | 96 SMB Management:::Manage the SMB service:auths=solaris.smf.manage.smb,solaris.smf.value.smb,solaris.smf.read.smb;help=RtSMBMngmnt.html |
6007 | 97 SMBFS Management:::Manage the SMB client:auths=solaris.smf.manage.smbfs,solaris.smf.value,solaris.smf.modify.application;help=RtSMBFSMngmnt.html |
7836
4e95154b5b7a
6745433 Merge NWS consolidation into OS/Net consolidation
John Forte <John.Forte@Sun.COM>
parents:
7822
diff
changeset
|
98 STMF Administration:::Configure STMF service:auths=solaris.smf.modify.application |
4e95154b5b7a
6745433 Merge NWS consolidation into OS/Net consolidation
John Forte <John.Forte@Sun.COM>
parents:
7822
diff
changeset
|
99 STMF Management:::Start/Stop STMF service:auths=solaris.smf.manage.stmf |
789 | 100 ZFS File System Management:::Create and Manage ZFS File Systems:help=RtZFSFileSysMngmnt.html |
101 ZFS Storage Management:::Create and Manage ZFS Storage Pools:help=RtZFSStorageMngmnt.html | |
0 | 102 Zone Management:::Zones Virtual Application Environment Administration:help=RtZoneMngmnt.html |
103 IP Filter Management:::IP Filter Administration:help=RtIPFilterMngmnt.html | |
104 Project Management:::Add/Modify/Remove projects:help=RtProjManagement.html | |
5440 | 105 VSCAN Management:::Manage the VSCAN service:auths=solaris.smf.manage.vscan,solaris.smf.value.vscan,solaris.smf.modify.application;help=RtVscanMngmnt.html |
9430
637732b28916
PSARC 2007/425 Wireless USB support
Raymond Chen <Raymond.Chen@Sun.COM>
parents:
9298
diff
changeset
|
106 WUSB Management:::Manage Wireless USB:auths=solaris.admin.wusb.*,solaris.smf.manage.wusb;help=WUSBmgmt.html |
4746
0bc0c48f4304
PSARC 2007/254 - Enabling method for Trusted Extensions
rica
parents:
4520
diff
changeset
|
107 # |
0bc0c48f4304
PSARC 2007/254 - Enabling method for Trusted Extensions
rica
parents:
4520
diff
changeset
|
108 # Trusted Extensions profiles: |
0bc0c48f4304
PSARC 2007/254 - Enabling method for Trusted Extensions
rica
parents:
4520
diff
changeset
|
109 # |
0bc0c48f4304
PSARC 2007/254 - Enabling method for Trusted Extensions
rica
parents:
4520
diff
changeset
|
110 Information Security:::Maintains MAC and DAC security policies:profiles=Device Security,File System Security,Name Service Security,Network Security,Object Access Management,Object Label Management;help=RtInfoSec.html |
0bc0c48f4304
PSARC 2007/254 - Enabling method for Trusted Extensions
rica
parents:
4520
diff
changeset
|
111 Object Label Management:::Change labels on files.:auths=solaris.device.allocate,solaris.label.file.downgrade,solaris.label.win.downgrade,solaris.label.win.upgrade,solaris.label.file.upgrade,solaris.label.range,solaris.smf.manage.labels;help=RtObjectLabelMngmnt.html |
0bc0c48f4304
PSARC 2007/254 - Enabling method for Trusted Extensions
rica
parents:
4520
diff
changeset
|
112 Outside Accred:::Allow a user to operate outside the user accreditation range.:auths=solaris.label.range;help=RtOutsideAccred.html |
6573 | 113 # |
114 # Power Management profiles: | |
115 # | |
116 System Power:::For authorized users to manage system power:auths=solaris.system.power.*;help=RtSysPowerMgmt.html | |
117 Suspend:::For authorized users to Suspend system:auths=solaris.system.power.suspend.*;help=RtSysPowerMgmtSuspend.html | |
118 Suspend To Disk:::For authorized users to Suspend to Disk:auths=solaris.system.power.suspend.disk;help=RtSysPowerMgmtSuspendToDisk.html | |
119 Suspend To RAM:::For authorized users to Suspend to RAM:auths=solaris.system.power.suspend.ram;help=RtSysPowerMgmtSuspendToRAM.html | |
120 Brightness:::For authorized users to Control LCD Brightness:auths=solaris.system.power.brightness;help=RtSysPowerMgmtBrightness.html | |
6654 | 121 CPU Power Management:::For authorized users to manage CPU Power:auths=solaris.system.power.cpu;help=RtCPUPowerManagement.html |
7103
3cde99325878
PSARC 2008/087 Extended Accounting Conversion to SMF
ml93401
parents:
6654
diff
changeset
|
122 acctadm:::Do not assign to users. Commands required for Extended Accounting Management profiles:help=RtAcctadm.help |
7836
4e95154b5b7a
6745433 Merge NWS consolidation into OS/Net consolidation
John Forte <John.Forte@Sun.COM>
parents:
7822
diff
changeset
|
123 ISNS Server Management:::Manage ISNS server:auths=solaris.smf.manage.isns,solaris.smf.value.isns,solaris.isnsmgr.write:help=RtISNSMngmnt.html |