Standards, Environments, and Macros smf_security(5)
NAME
smf_security - service management facility security behavior
DESCRIPTION
The configuration subsystem for the service management
facility, smf(5), requires privilege to modify the
configuration of a service. Privileges are granted to a user by
associating the authorizations described below to the user
through user_attr(4) and prof_attr(4). See rbac(5).
The following authorization is used to manipulate services
and service instances.
solaris.smf.modify
    Authorized to add, delete, or modify services, service
    instances, or their properties.
Property Group Authorizations
The smf(5) configuration subsystem associates properties
with each service and service instance. Related properties
are grouped. Groups may represent an execution method,
credential information, application data, or restarter
state. The ability to create or modify property groups can
cause smf(5) components to perform actions that may require
operating system privilege. Accordingly, the framework
requires appropriate authorization to manipulate property
groups.
Each property group has a type corresponding to its purpose.
The core property group types are method, dependency,
application, and framework. Additional property group types can
be introduced, provided they conform to the extended naming
convention in smf(5). The following basic authorizations,
however, apply only to the core property group types:
solaris.smf.modify.method
    Authorized to change values or create, delete, or modify
    a property group of type method.
solaris.smf.modify.dependency
    Authorized to change values or create, delete, or modify
    a property group of type dependency.
SunOS 5.10 Last change: 2 Dec 04 1
solaris.smf.modify.application
    Authorized to change values or create, delete, or modify
    a property group of type application.
solaris.smf.modify.framework
    Authorized to change values or create, delete, or modify
    a property group of type framework.
solaris.smf.modify
    Authorized to add, delete, or modify services, service
    instances, or their properties.
Property group-specific authorization can be specified by
properties contained in the property group.
modify_authorization
    Authorizations allow the addition, deletion, or
    modification of properties within the property group.
value_authorization
    Authorizations allow changing the values of any property
    of the property group except modify_authorization.
The above authorization properties are only used if they
have type astring. If an instance property group does not
have one of the properties, but the instance's service has a
property group of the same name with the property, its
values are used.
Service Action Authorization
Certain actions on service instances may result in service
interruption or deactivation. These actions require an
authorization to ensure that any denial of service is a
deliberate administrative action. Such actions include a
request for execution of the refresh or restart methods, or
placement of a service instance in the maintenance or other
non-operational state. The following authorization allows
such actions to be requested:
solaris.smf.manage
    Authorized to request restart, refresh, or other state
    modification of any service instance.
In addition, the general/action_authorization property can
specify additional authorizations that permit service
actions to be requested for that service instance. The
solaris.smf.manage authorization is required to modify this
property.
Defined Rights Profiles
Two rights profiles are included that offer grouped
authorizations for manipulating typical smf(5) operations.
Service Management
    A service manager can manipulate any service in the
    repository in any way. It corresponds to the
    solaris.smf.manage and solaris.smf.modify authorizations.
    The service management profile is the minimum required
    to use the pkgadd(1M) or pkgrm(1M) commands to add or
    remove software packages that contain an inventory of
    services in its service manifest.
Service Operator
    A service operator has the ability to enable or disable
    any service instance on the system, as well as request
    that its restart or refresh method be executed. It
    corresponds to the solaris.smf.manage and
    solaris.smf.modify.framework authorizations.
Sites can define additional rights profiles customized
to their needs.
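The authorization rules above can be read as a decision procedure. The following Python model is an added example, not code from smf(5) or from this manual page; it covers only the rules stated here and ignores RBAC wildcard grants and privileged callers. The config property group, its port property, and the example.smf.* authorization names are constructed for illustration.

```python
# Added model of the checks described on this page; not smf(5) source code.
CORE_TYPES = {"method", "dependency", "application", "framework"}

def astring_values(pgs, pg, prop):
    """Values of pg/prop, or None if the property is absent or not astring."""
    ptype, values = pgs.get(pg, {}).get(prop, (None, ()))
    return set(values) if ptype == "astring" else None

def delegated(inst, svc, pg, prop):
    """Instance property first, else the service's same-named property group.
    Assumption: a non-astring instance property is treated as absent."""
    found = astring_values(inst, pg, prop)
    if found is None:
        found = astring_values(svc, pg, prop)
    return found or set()

def may_write(auths, inst, svc, pg, pg_type, prop, op):
    """op: 'value' changes a value; 'modify' adds, deletes or modifies a property."""
    # Literal reading of the page: solaris.smf.manage is required for this property.
    if (pg, prop) == ("general", "action_authorization") and "solaris.smf.manage" not in auths:
        return False
    granting = {"solaris.smf.modify"}
    if pg_type in CORE_TYPES:  # basic per-type authorizations cover core types only
        granting.add("solaris.smf.modify." + pg_type)
    granting |= delegated(inst, svc, pg, "modify_authorization")
    if op == "value" and prop != "modify_authorization":
        granting |= delegated(inst, svc, pg, "value_authorization")
    return bool(auths & granting)

def may_request_action(auths, inst):
    """Restart, refresh, or other state change of this instance."""
    extra = astring_values(inst, "general", "action_authorization") or set()
    return bool(auths & ({"solaris.smf.manage"} | extra))

# Constructed sample: hypothetical service/instance and example.* authorization names.
SVC = {"config": {"value_authorization": ("astring", ["example.smf.value.web"])}}
INST = {
    "general": {"action_authorization": ("astring", ["example.smf.manage.web"])},
    "config": {"modify_authorization": ("ustring", ["example.smf.modify.web"])},
}
OPERATOR = {"solaris.smf.manage", "solaris.smf.modify.framework"}  # Service Operator
WEB_ADMIN = {"example.smf.manage.web", "example.smf.value.web", "example.smf.modify.web"}

if __name__ == "__main__":
    print(may_write(OPERATOR, INST, SVC, "general", "framework", "enabled", "value"))
    print(may_write(OPERATOR, INST, SVC, "start", "method", "exec", "value"))
    print(may_write(WEB_ADMIN, INST, SVC, "config", "application", "port", "value"))
    print(may_write(WEB_ADMIN, INST, SVC, "config", "application", "port", "modify"))
    print(may_request_action(WEB_ADMIN, INST))
```

In the sample, the instance's modify_authorization has type ustring and is therefore ignored, so the delegated user can change values through the service-level value_authorization but cannot add or delete properties.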
Remote Repository Modification
Remote repository servers may deny modification attempts due
to additional privilege checks. See NOTES.
SEE ALSO
auths(1), profiles(1), pkgadd(1M), pkgrm(1M), prof_attr(4),
user_attr(4), rbac(5), smf(5)
NOTES
The present version of smf(5) does not support remote
repositories.