'\" te .\" Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved. .TH exec_attr 4 "21 Feb 2012" "SunOS 5.11" "File Formats" .SH NAME exec_attr \- execution profiles database .SH SYNOPSIS .LP .nf \fB/etc/security/exec_attr\fR .fi .SH DESCRIPTION .sp .LP \fB/etc/security/exec_attr\fR is a local database that specifies the execution attributes associated with profiles. The \fBexec_attr\fR file can be used with other sources for execution profiles, including the \fBexec_attr\fR \fBNIS\fR map. Programs use the \fBgetexecattr\fR(3C) routines to access this information. .sp .LP The search order for multiple execution profile sources is specified in the \fB/etc/nsswitch.conf\fR file, as described in the \fBnsswitch.conf\fR(4) man page. The search order follows the entry for \fBprof_attr\fR(4). .sp .LP A profile is a logical grouping of authorizations and commands that is interpreted by a profile shell to form a secure execution environment. The shells that interpret profiles are \fBpfcsh\fR, \fBpfksh\fR, and \fBpfsh\fR. See the \fBpfsh\fR(1) man page. Each user's account is assigned zero or more profiles in the \fBuser_attr\fR(4) database file. .sp .LP Each entry in the \fBexec_attr\fR database consists of one line of text containing seven fields separated by colons (\fB:\fR). Line continuations using the backslash (\fB\e\fR) character are permitted. The basic format of each entry is: .sp .LP \fIname\fR:\fIpolicy\fR:\fItype\fR:\fIres1\fR:\fIres2\fR:\fIid\fR:\fIattr\fR .sp .ne 2 .mk .na \fB\fIname\fR\fR .ad .RS 10n .rt The name of the profile. Profile names are case-sensitive. .RE .sp .ne 2 .mk .na \fB\fIpolicy\fR\fR .ad .RS 10n .rt The security policy that is associated with the profile entry. The valid policy type is \fBsolaris\fR. The \fBsolaris\fR policy recognizes privileges. See \fBprivileges\fR(5). .RE .sp .ne 2 .mk .na \fB\fItype\fR\fR .ad .RS 10n .rt The type of object defined in the profile. The valid type is \fBcmd\fR. The \fBcmd\fR type specifies that the ID field is a command that would be executed by a shell. .RE .sp .ne 2 .mk .na \fB\fIres1\fR\fR .ad .RS 10n .rt The characters \fBRO\fR in this field indicate it is read only and not modifiable by the tools that update this database. .RE .sp .ne 2 .mk .na \fB\fIres2\fR\fR .ad .RS 10n .rt Reserved for future use. .RE .sp .ne 2 .mk .na \fB\fIid\fR\fR .ad .RS 10n .rt A string that uniquely identifies the object described by the profile. For a profile of type \fBcmd,\fR the id is either the full path to the command or the asterisk (\fB*\fR) symbol, which is used to allow all commands. An asterisk that replaces the filename component in a pathname indicates all files in a particular directory. .sp To specify arguments, the pathname should point to a shell script that is written to execute the command with the desired argument. In a Bourne shell, the effective UID is reset to the real UID of the process when the effective UID is less than 100 and not equal to the real UID. Depending on the \fBeuid\fR and \fBegid\fR values, Bourne shell limitations might make other shells preferable. To prevent the effective UIDs from being reset to real UIDs, you can start the script with the \fB-p\fR option. .sp .in +2 .nf #!/bin/sh -p .fi .in -2 .sp .RE .sp .ne 2 .mk .na \fB\fIattr\fR\fR .ad .RS 10n .rt An optional list of semicolon-separated (\fB;\fR) key-value pairs that describe the security attributes to apply to the object upon execution. Zero or more keys can be specified. The list of valid key words depends on the policy enforced. The following key words are valid: \fBeuid\fR, \fBuid,\fR \fBegid\fR, \fBgid\fR, \fBprivs\fR, and \fBlimitprivs\fR. .sp \fBeuid\fR and \fBuid\fR contain a single user name or a numeric user \fBID\fR. Commands designated with \fBeuid\fR run with the effective \fBUID\fR indicated, which is similar to setting the setuid bit on an executable file. Commands designated with \fBuid\fR run with both the real and effective \fBUID\fRs. Setting \fBuid\fR might be more appropriate than setting the \fBeuid\fR on privileged shell scripts. .sp \fBegid\fR and \fBgid\fR contain a single group name or a numeric group \fBID\fR. Commands designated with \fBegid\fR run with the effective \fBGID\fR indicated, which is similar to setting the setgid bit on a file. Commands designated with \fBgid\fR run with both the real and effective \fBGID\fRs. Setting \fBgid\fR might be more appropriate than setting \fBguid\fR on privileged shell scripts. .sp \fBprivs\fR contains a privilege set which are added to the inheritable set prior to running the command. .sp \fBlimitprivs\fR contains a privilege set which are assigned to the limit set prior to running the command. .sp \fBprivs\fR and \fBlimitprivs\fR are only valid for the \fBsolaris\fR policy. .RE .SH EXAMPLES .LP \fBExample 1 \fRUsing Privileges .sp .LP The following example shows the \fBaudit\fR command specified in the Audit Control profile to execute with the \fBproc_owner\fR privilege: .sp .in +2 .nf Audit Control:solaris:cmd:::/usr/sbin/audit:privs=proc_owner .fi .in -2 .sp .SH FILES .sp .ne 2 .mk .na \fB\fB/etc/nsswitch.conf\fR\fR .ad .sp .6 .RS 4n .RE .sp .ne 2 .mk .na \fB\fB/etc/user_attr\fR\fR .ad .sp .6 .RS 4n .RE .sp .ne 2 .mk .na \fB\fB/etc/security/exec_attr\fR\fR .ad .sp .6 .RS 4n Locally added entries. Make sure that the shipped header remains intact. .RE .sp .ne 2 .mk .na \fB\fB/etc/security/exec_attr.d/*\fR\fR .ad .sp .6 .RS 4n Entries added by package installation. .RE .SH ATTRIBUTES .sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp .sp .TS tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) . ATTRIBUTE TYPEATTRIBUTE VALUE _ Availabilitysystem/core-os _ Interface StabilitySee below. .TE .sp .LP The command-line syntax is Committed. The output is Uncommitted. .SH NOTES .sp .LP Because the list of legal keys is likely to expand, any code that parses this database must be written to ignore unknown key-value pairs without error. When any new keywords are created, the names should be prefixed with a unique string, such as the company's stock symbol, to avoid potential naming conflicts. .sp .LP The following characters are used in describing the database format and must be escaped with a backslash if used as data: colon (\fB:\fR), semicolon (\fB;\fR), equals (\fB=\fR), and backslash (\fB\e\fR). .sp .in +2 .nf Authorizations required to set various fields are listed: name profile name solaris.profile.cmd.manage policy security policy solaris.profile.cmd.manage type type of object defined solaris.profile.cmd.manage in the profile id full path of command solaris.profile.cmd.manage .fi .in -2 .sp .sp .in +2 .nf attr security attributes of the command euid euid of the command solaris.profile.cmd.setuid process uid uid of the command solaris.profile.cmd.setuid process egid egid of the command solaris.group.assign/delegate process gid gid of the command solaris.group.assign/delegate process privs privileges added to the inheritable set of solaris.privilege.assign/delegate privileges for the command. An Extended Policy can be specified here. See privileges.5. limitprivs privileges assigned to the limit set of solaris.privilege.assign/delegate privileges for the command .fi .in -2 .sp .sp .LP The value of \fBlimitprivs\fR that can be set by an authorized user for a given command are limited to the \fBlimitprivs\fR privileges that are granted to the user. .sp .LP The value of the \fBprivs\fR that can be set by an authorized user for a given command are limited to the \fBdefaultprivs\fR privileges granted to the user. .sp .LP The \fBsolaris.privilege.assign\fR authorization allows the authorized user to grant any privilege to a user. The \fBsolaris.privilege.delegate\fR allows the authorized user to grant privileges from the user's privilege sets. See \fBgroup\fR(4) for more information on \fBsolaris.group.assign/\fRdelegate. .SH SEE ALSO .sp .LP \fBauths\fR(1), \fBprofiles\fR(1), \fBroles\fR(1), \fBsh\fR(1), \fBmakedbm\fR(1M), \fBgetauthattr\fR(3C), \fBgetexecattr\fR(3C), \fBgetprofattr\fR(3C), \fBgetuserattr\fR(3C), \fBkva_match\fR(3C), \fBauth_attr\fR(4), \fBgroup\fR(4), \fBprof_attr\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5), \fBprivileges\fR(5)