profiles(1) User Commands profiles(1)
profiles - print execution profiles for a user
profiles [-l] [ user ...]
The profiles command prints on standard output the names of the execu-
tion profiles that have been assigned to you or to the optionally-spec-
ified user or role name. Profiles are a bundling mechanism used to enu-
merate the commands and authorizations needed to peform a specific
function. Along with each listed executable are the process attributes,
such as the effective user and group IDs, with which the process runs
when started by a privileged command interpreter. The profile shells
are pfcsh, pfksh, and pfexec. See the pfexec(1) man page. Profiles can
contain other profiles defined in prof_attr(4).
Multiple profiles can be combined to construct the appropriate access
control. When profiles are assigned, the authorizations are added to
the existing set. If the same command appears in multiple profiles, the
first occurrence, as determined by the ordering of the profiles, is
used for process-attribute settings. For convenience, a wild card can
be specified to match all commands.
When profiles are interpreted, the profile list is loaded from
user_attr(4). If any default profile is defined in /etc/security/pol-
icy.conf (see policy.conf(4)), the list of default profiles will be
added to the list loaded from user_attr(4). Matching entries in
prof_attr(4) provide the authorizations list, and matching entries in
exec_attr(4) provide the commands list.
-l Lists the commands in each profile followed by the special
process attributes such as user and group IDs.
Example 1: Sample output
The output of the profiles command has the following form:
example% profiles tester01 tester02
tester01 : Audit Management, All Commands
tester02 : Device Management, All Commands
Example 2: Using the list option
example% profiles -l tester01 tester02
/usr/sbin/auditconfig euid=root egid=sys
The following exit values are returned:
0 Successful completion.
1 An error occurred.
See attributes(5) for descriptions of the following attributes:
tab() allbox; cw(2.750000i)| cw(2.750000i) lw(2.750000i)|
lw(2.750000i). ATTRIBUTE TYPEATTRIBUTE VALUE AvailabilitySUNWcsu
auths(1), pfexec(1), roles(1), getprofattr(3SECDB), exec_attr(4), pol-
icy.conf(4), prof_attr(4), user_attr(4), attributes(5)
SunOS 5.10 11 Feb 2000 profiles(1)