
prof_attr(4)                     File Formats                     prof_attr(4)

NAME
       prof_attr - profile description database


DESCRIPTION
       /etc/security/prof_attr  is a local source for execution profile names,
       descriptions, and other attributes of execution profiles. The prof_attr
       file  can  be  used with other profile sources, including the prof_attr
       NIS map and NIS+ table. Programs use the  getprofattr(3SECDB)  routines
       to gain access to this information.

       The  search  order  for  multiple prof_attr sources is specified in the
       /etc/nsswitch.conf file, as  described  in  the   nsswitch.conf(4)  man

       An  execution  profile  is a mechanism used to bundle together the com-
       mands and authorizations needed to perform a specific function. An exe-
       cution profile can also contain other execution profiles. Each entry in
       the prof_attr database consists of one line  of  text  containing  five
       fields  separated by colons (:). Line continuations using the backslash
       (\) character are permitted. The format of each entry is:


       profname        The name of the profile. Profile names are  case-sensi-

       res1            Reserved for future use.

       res2            Reserved for future use.

       desc            A  long description. This field should explain the pur-
                       pose of the profile, including what type of user  would
                       be  interested in using it. The long description should
                       be suitable for displaying  in  the  help  text  of  an

       attr            An  optional  list of semicolon-separated (;) key-value
                       pairs that describe the security attributes to apply to
                       the  object  upon  execution.  Zero or more keys may be
                       specified. There are three valid keys: help, profs, and

                       help  is  assigned the name of a file ending in .htm or

                       auths specifies a comma-separated list of authorization
                       names   chosen   from   those   names  defined  in  the
                       auth_attr(4) database. Authorization names may be spec-
                       ified  using  the asterisk (*) character as a wildcard.
                       For example, solaris.printer.* would mean all of  Sun's
                       authorizations for printing.

                       profs specifies a comma-separated list of profile names
                       chosen from those names defined in the prof_attr  data-

EXAMPLES
       Example 1: Allowing execution of all commands

       The following entry allows the user to execute all commands:

       All:::Use this profile to give a :help=All.html

       Example 2: Consulting the local prof_attr file first

       With  the  following  nsswitch.conf  entry, the local prof_attr file is
       consulted before the NIS+ table:

       prof_attr: files nisplus



NOTES
       When deciding which authorization source to use (see DESCRIPTION), keep
       in mind that NIS+ provides stronger authentication than NIS.

       The  root user is usually defined in local databases because root needs
       to be able to log in and do system maintenance in single-user mode  and
       at  other  times when the network name service databases are not avail-
       able. So that the profile definitions for root can be located  at  such
       times,  root's  profiles should be defined in the local prof_attr file,
       and the order shown in the example  nsswitch.conf(4) file  entry  under
       EXAMPLES is highly recommended.

       Because  the  list  of  legal  keys  is likely to expand, any code that
       parses this database must be written to ignore unknown key-value  pairs
       without  error. When any new keywords are created,  the names should be
       prefixed with a unique string, such as the company's stock  symbol,  to
       avoid potential naming conflicts.

       Each  application  has  its own requirements for whether the help value
       must be a relative pathname ending with a filename or  the  name  of  a
       file. The only known requirement is for the name of a file.

       The following characters are used in describing the database format and
       must be escaped with a backslash if used as data: colon (:),  semicolon
       (;), equals (=), and backslash (\).
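
       The parsing rules above (five colon-separated fields in the order
       profname, res1, res2, desc, attr; backslash escapes and continuations;
       unknown keys ignored without error) as an added example. It is not
       Solaris code and not part of the original manual page; the function
       names, the sample entry and the ACME_tier key are constructed.

```python
import re  # added example, not Solaris code; all names here are hypothetical
KNOWN_KEYS = {"help", "profs", "auths"}  # the keys this man page names

def split_escaped(text, sep):
    """Split on unescaped `sep`, leaving backslash pairs untouched."""
    parts, i = [""], 0
    while i < len(text):
        step = 2 if text[i] == "\\" and i + 1 < len(text) else 1
        if step == 1 and text[i] == sep:
            parts.append("")
        else:
            parts[-1] += text[i:i + step]
        i += step
    return parts

def unescape(text):
    """Remove the backslash in front of each escaped character."""
    return re.sub(r"\\(.)", r"\1", text, flags=re.S)

def logical_lines(text):
    """Join physical lines that end in an unescaped backslash."""
    buf = ""
    for raw in text.splitlines():
        if (len(raw) - len(raw.rstrip("\\"))) % 2:  # odd run: continuation
            buf += raw[:-1]
            continue
        if (buf + raw).strip():
            yield buf + raw
        buf = ""

def parse_entry(line):
    """Parse one logical line: profname, res1, res2, desc, attr."""
    fields = split_escaped(line, ":")
    if len(fields) != 5:
        raise ValueError("expected 5 fields, got %d" % len(fields))
    name, _res1, _res2, desc, attr = fields
    attrs, ignored = {}, []
    for pair in filter(None, split_escaped(attr, ";")):
        kv = split_escaped(pair, "=")
        key = unescape(kv[0])
        if key not in KNOWN_KEYS or len(kv) != 2:
            ignored.append(key)  # unknown or malformed: skip, never fail
            continue
        value = unescape(kv[1])
        attrs[key] = value if key == "help" else value.split(",")
    return {"name": unescape(name), "desc": unescape(desc), "attrs": attrs, "ignored": ignored}

# Constructed sample: continuation line, escaped colon, vendor-prefixed key.
SAMPLE = ("Printer Ops:::Manage queues\\: local and remote:auths=solaris.printer.*;\\\n"
          "profs=All;ACME_tier=2;help=PrinterOps.html\n")
```

       Splitting happens before unescaping, so an escaped colon in desc or an
       escaped semicolon in a value never shifts a field boundary.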

SEE ALSO
       auths(1),    profiles(1),   getauthattr(3SECDB),   getprofattr(3SECDB),
       getuserattr(3SECDB), auth_attr(4), exec_attr(4), user_attr(4)

SunOS 5.10                        11 Feb 2000                     prof_attr(4)