Manual Pages for UNIX Operating System command usage for man prof_attr

File Formats                                         prof_attr(4)



NAME
     prof_attr - profile description database

SYNOPSIS
     /etc/security/prof_attr


DESCRIPTION
     /etc/security/prof_attr is a local source for execution pro-
     file  names, descriptions, and other attributes of execution
     profiles. The prof_attr file can be used with other  profile
     sources,  including  the prof_attr NIS map. Programs use the
     getprofattr(3SECDB) routines to gain access to this informa-
     tion.


     The search order for multiple prof_attr sources is specified
     in   the   /etc/nsswitch.conf  file,  as  described  in  the
     nsswitch.conf(4) man page.


     An execution profile is a mechanism used to bundle  together
     the commands and authorizations needed to perform a specific
     function. An execution profile can also contain other execu-
     tion profiles. Each entry in the prof_attr database consists
     of one line of text  containing  five  fields  separated  by
     colons (:). Line continuations using the backslash (\) char-
     acter are permitted. The format of each entry is:


     profname:res1:res2:desc:attr

     profname    The name  of  the  profile.  Profile  names  are
                 case-sensitive.


     res1        Reserved for future use.


     res2        Reserved for future use.


     desc        A long description. This  field  should  explain
                 the  purpose of the profile, including what type
                 of user would be interested  in  using  it.  The
                 long description should be suitable for display-
                 ing in the help text of an application.


     attr        An  optional  list  of  semicolon-separated  (;)
                 key-value   pairs  that  describe  the  security
                 attributes  to  apply   to   the   object   upon



SunOS 5.11           Last change: 6 Jul 2020                    1






File Formats                                         prof_attr(4)



                 execution.  Zero  or more keys can be specified.
                 The following keys are currently interpreted  by
                 the system:

                 help is assigned the name of a  file  ending  in
                 .htm or .html.

                 auths  specifies  a  comma-separated   list   of
                 authorization  names  chosen  from  those  names
                 defined in the auth_attr(4) database. Authoriza-
                 tion  names  can be specified using the asterisk
                 (*)  character  as  a  wildcard.  For   example,
                 solaris.printer.*   would   mean  all  of  Sun's
                 authorizations for printing.

                 audit_flags specifies per-user  Audit  preselec-
                 tion flags as colon-separated always-audit-flags
                 and     never-audit-flags.     For      example,
                 audit_flags=always-audit-flags:never-audit-
                 flags. See audit_flags(5).

                 profiles specifies  a  comma-separated  list  of
                 profile names chosen from those names defined in
                 the prof_attr database.

                 privs  specifies  a  comma-separated   list   of
                 privileges names chosen from those names defined
                 in the priv_names(4) database. These  privileges
                 can  then  be  used  for executing commands with
                 pfexec(1).

                 defaultpriv and limitpriv have the  same  seman-
                 tics as in user_attr(4).  If they are not speci-
                 fied in the  user_attr  database,  the  assigned
                 profiles are searched until a match is found.


EXAMPLES
     Example 1 Allowing Execution of All Commands


     The following entry allows the user to execute all commands:


       All:::Use this profile to give a :help=All.html



     Example 2 Consulting the Local prof_attr File First






SunOS 5.11           Last change: 6 Jul 2020                    2






File Formats                                         prof_attr(4)



     With the following nsswitch.conf entry, the local  prof_attr
     file is consulted before the NIS map:


       prof_attr: files nis



FILES
     /etc/nsswitch.conf


     /etc/security/prof_attr

NOTES
     The root user is usually defined in local databases  because
     root needs to be able to log in and do system maintenance in
     single-user mode and at other times when  the  network  name
     service  databases  are  not  available. So that the profile
     definitions for root can be located at  such  times,  root's
     profiles  should be defined in the local prof_attr file, and
     the order shown in the example nsswitch.conf(4)  file  entry
     under EXAMPLES is highly recommended.


     Because the list of legal keys is likely to expand, any code
     that  parses this database must be written to ignore unknown
     key-value pairs without error. When  any  new  keywords  are
     created,  the names should be prefixed with a unique string,
     such as the company's stock symbol, to avoid potential  nam-
     ing conflicts.


     Each application has its own requirements  for  whether  the
     help  value  must  be  a  relative  pathname  ending  with a
     filename or the name of a file. The only  known  requirement
     is for the name of a file.


     The following characters are used in describing the database
     format and must be escaped with a backslash if used as data:
     colon (:), semicolon (;), equals (=), and backslash (\).

SEE ALSO
     auths(1),   pfexec(1),   profiles(1),   getauthattr(3SECDB),
     getprofattr(3SECDB),    getuserattr(3SECDB),   auth_attr(4),
     exec_attr(4), priv_names(4), user_attr(4), audit_flags(5)








SunOS 5.11           Last change: 6 Jul 2020                    3