unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Page:
Section:
Apropos / Subsearch:
optional field

profiles(1)                      User Commands                     profiles(1)



NAME
       profiles - print execution profiles for a user

SYNOPSIS
       profiles [-l] [ user ...]

DESCRIPTION
       The  profiles command prints on standard output the names of the execu-
       tion profiles that have been assigned to you or to the optionally-spec-
       ified user or role name. Profiles are a bundling mechanism used to enu-
       merate the commands and authorizations  needed  to  peform  a  specific
       function. Along with each listed executable are the process attributes,
       such as the effective user and group IDs, with which the  process  runs
       when  started  by  a privileged command interpreter. The profile shells
       are pfcsh, pfksh, and pfexec. See the pfexec(1) man page. Profiles  can
       contain other profiles defined in prof_attr(4).

       Multiple  profiles  can be combined to construct the appropriate access
       control. When profiles are assigned, the authorizations  are  added  to
       the existing set. If the same command appears in multiple profiles, the
       first occurrence, as determined by the ordering  of  the  profiles,  is
       used  for  process-attribute settings. For convenience, a wild card can
       be specified to match all commands.

       When  profiles  are  interpreted,  the  profile  list  is  loaded  from
       user_attr(4).   If any default profile is defined in /etc/security/pol-
       icy.conf (see policy.conf(4)), the list of  default  profiles  will  be
       added  to  the  list  loaded  from  user_attr(4).   Matching entries in
       prof_attr(4) provide the authorizations list, and matching  entries  in
       exec_attr(4) provide the commands list.

OPTIONS
       -l       Lists  the  commands  in  each profile followed by the special
                process attributes such as user and group IDs.



EXAMPLES
       Example 1: Sample output

       The output of the profiles command has the following form:


       example% profiles tester01 tester02
       tester01 : Audit Management, All Commands
       tester02 : Device Management, All Commands
       example%


       Example 2: Using the list option

       example% profiles -l tester01 tester02
       tester01 :
           Audit Management:
             /usr/sbin/audit          euid=root
             /usr/sbin/auditconfig    euid=root    egid=sys
           All Commands:
             *
       tester02 :
           Device Management:
             /usr/bin/allocate:       euid=root
             /usr/bin/deallocate:     euid=root
           All Commands
             *
       example%

EXIT STATUS
       The following exit values are returned:

       0        Successful completion.



       1        An error occurred.



FILES
       /etc/security/exec_attr

       /etc/security/prof_attr

       /etc/user_attr

       /etc/security/policy.conf

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:


       tab()    allbox;    cw(2.750000i)|     cw(2.750000i)     lw(2.750000i)|
       lw(2.750000i).  ATTRIBUTE TYPEATTRIBUTE VALUE AvailabilitySUNWcsu


SEE ALSO
       auths(1),  pfexec(1), roles(1), getprofattr(3SECDB), exec_attr(4), pol-
       icy.conf(4), prof_attr(4), user_attr(4), attributes(5)



SunOS 5.10                        11 Feb 2000                      profiles(1)