User Commands profiles(1)
NAME
profiles - print execution profiles for a user
SYNOPSIS
profiles [-l] [ user ]...
DESCRIPTION
The profiles command prints on standard output the names of
the execution profiles that have been assigned to you or to
the optionally-specified user or role name. Profiles are a
bundling mechanism used to enumerate the commands and authorizations needed to perform a specific function. Along with each listed executable are the process attributes, such as the effective user and group IDs, with which the process runs when started by a privileged command interpreter. The profile shells are pfcsh, pfksh, and pfexec. See thepfexec(1) man page. Profiles can contain other profiles
defined in prof_attr(4).
Multiple profiles can be combined to construct the appropri-
ate access control. When profiles are assigned, the authori-
zations are added to the existing set. If the same commandappears in multiple profiles, the first occurrence, as
determined by the ordering of the profiles, is used for
process-attribute settings. For convenience, a wild card can
be specified to match all commands. The special profile "Stop" shortcuts the evaluations offurther profiles. Profiles seen after the "Stop" profile are
not evaluated nor are they used to find additional commands.This profile can be used to sidestep profiles listed in
/etc/security/policy.conf with the PROF_GRANTED key and the
authorizations listed with AUTH_GRANTED in that file.
When profiles are interpreted, the profile list is loaded
from user_attr(4). If any default profile is defined in
/etc/security/policy.conf (see policy.conf(4)), the list ofdefault profiles are added to the list loaded from
user_attr(4). Matching entries in prof_attr(4) provide the
authorizations list, and matching entries in exec_attr(4)
provide the commands list. OPTIONS The following options are supported:-l Lists the commands in each profile followed by the
special process attributes such as user and group IDs.SunOS 5.11 Last change: 1 Apr 2010 1
User Commands profiles(1)
EXAMPLES
Example 1 Sample OutputThe output of the profiles command has the following form:
example% profiles tester01 tester02tester01 : Audit Management, All Commands
tester02 : Device Management, All Commandsexample%
Example 2 Using the list Optionexample% profiles -l tester01 tester02tester01 :
Audit Management: /usr/sbin/audit euid=root /usr/sbin/auditconfig euid=root egid=sys All Commands: * tester02 : Device Management: /usr/bin/allocate: euid=root /usr/bin/deallocate: euid=root All Commands *example%
EXIT STATUS The following exit values are returned: 0 Successful completion. 1 An error occurred. FILES/etc/security/exec_attr
/etc/security/prof_attr
/etc/user_attr
/etc/security/policy.confSunOS 5.11 Last change: 1 Apr 2010 2
User Commands profiles(1)
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWcs ||_____________________________|_____________________________|
SEE ALSO
auths(1), pfexec(1), roles(1), getprofattr(3SECDB),exec_attr(4), policy.conf(4), prof_attr(4), user_attr(4),
attributes(5)SunOS 5.11 Last change: 1 Apr 2010 3