prof_attr man page on SmartOS

PROF_ATTR(4)							  PROF_ATTR(4)

NAME
       prof_attr - profile description database

SYNOPSIS
       /etc/security/prof_attr

DESCRIPTION
       /etc/security/prof_attr is a local source for execution profile names,
       descriptions, and other attributes of execution profiles. The prof_attr
       file can be used with other profile sources, including the prof_attr
       NIS map and NIS+ table. Programs use the getprofattr(3SECDB) routines
       to gain access to this information.

       The search order for multiple prof_attr sources is specified in the
       /etc/nsswitch.conf file, as described in the nsswitch.conf(4) man page.

       An execution profile is a mechanism used to bundle together the
       commands and authorizations needed to perform a specific function. An
       execution profile can also contain other execution profiles. Each entry
       in the prof_attr database consists of one line of text containing five
       fields separated by colons (:). Line continuations using the backslash
       (\) character are permitted. The format of each entry is:

       profname:res1:res2:desc:attr

       profname
		   The name of the profile. Profile names are case-sensitive.

       res1
		   Reserved for future use.

       res2
		   Reserved for future use.

       desc
		   A long description. This field should explain the purpose
		   of the profile, including what type of user would be
		   interested in using it. The long description should be
		   suitable for displaying in the help text of an application.

       attr
		   An optional list of semicolon-separated (;) key-value pairs
		   that describe the security attributes to apply to the
		   object upon execution. Zero or more keys can be specified.
		   There are four valid keys: help, profiles, auths, and
		   privs.

		   help is assigned the name of a file ending in .htm or
		   .html.

		   auths specifies a comma-separated list of authorization
		   names chosen from those names defined in the auth_attr(4)
		   database. Authorization names can be specified using the
		   asterisk (*) character as a wildcard. For example,
		   solaris.printer.* would mean all of Sun's authorizations
		   for printing.

		   profiles specifies a comma-separated list of profile names
		   chosen from those names defined in the prof_attr database.

		   privs specifies a comma-separated list of privilege names
		   chosen from those names defined in the priv_names(4)
		   database. These privileges can then be used for executing
		   commands with pfexec(1).

EXAMPLES
       Example 1 Allowing Execution of All Commands

       The following entry allows the user to execute all commands:

	 All:::Use this profile to give a :help=All.html

       Example 2 Consulting the Local prof_attr File First

       With the following nsswitch.conf entry, the  local  prof_attr  file  is
       consulted before the NIS+ table:

	 prof_attr: files nisplus

FILES
       /etc/nsswitch.conf

       /etc/security/prof_attr

NOTES
       When deciding which authorization source to use (see DESCRIPTION), keep
       in mind that NIS+ provides stronger authentication than NIS.

       The root user is usually defined in local databases because root needs
       to be able to log in and do system maintenance in single-user mode and
       at other times when the network name service databases are not
       available. So that the profile definitions for root can be located at
       such times, root's profiles should be defined in the local prof_attr
       file, and the order shown in the example nsswitch.conf(4) file entry
       under EXAMPLES is highly recommended.

       Because the list of legal keys is likely to expand, any code that
       parses this database must be written to ignore unknown key-value pairs
       without error. When any new keywords are created, the names should be
       prefixed with a unique string, such as the company's stock symbol, to
       avoid potential naming conflicts.

       Each application has its own requirements for whether the help value
       must be a relative pathname ending with a filename or the name of a
       file. The only known requirement is for the name of a file.

       The following characters are used in describing the database format and
       must  be escaped with a backslash if used as data: colon (:), semicolon
       (;), equals (=), and backslash (\).
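
       The parsing rules in DESCRIPTION and NOTES (five colon-separated
       fields, backslash continuations and escapes, unknown keys ignored
       without error), as an added example that is not part of the original
       man page or of the system's own code. The function names, the sample
       entries, the acme_tag key and the treatment of '#' lines as comments
       are assumptions; it also resolves nested profiles so that wildcard
       authorizations inherited through the profiles key are visible.

```python
import re

LIST_KEYS = {"auths", "profiles", "privs"}   # comma-separated; "help" is a string
SAMPLE = ("# constructed sample entries, not from a real system\n"
          "Printer Admin:::Manage printers:auths=solaris.printer.*;acme_tag=x\n"
          "Operator:::Backups \\: tapes:profiles=Printer Admin,Missing;\\\n"
          "auths=example.backup.run;help=Op.html\n")

def split_unescaped(text, sep):
    parts, cur, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "\\" and i + 1 < len(text) else 1
        if step == 1 and text[i] == sep:
            parts, cur = parts + [cur], ""
        else:
            cur += text[i:i + step]          # escaped pair kept; unescaped later
        i += step
    return parts + [cur]

def unescape(text):
    return re.sub(r"\\(.)", r"\1", text)     # drop the escaping backslash

def parse_prof_attr(text):
    db = {}
    for line in text.replace("\\\n", "").splitlines():   # join continuations
        if not line.strip() or line.lstrip().startswith("#"):
            continue                          # assumption: '#' starts a comment
        fields = split_unescaped(line.strip(), ":")
        if len(fields) != 5:
            continue                          # malformed entry: skip
        name, _res1, _res2, desc, attr = fields
        attrs = {}
        for pair in split_unescaped(attr, ";"):
            key, *rest = split_unescaped(pair, "=")
            if not rest or key not in LIST_KEYS | {"help"}:
                continue                      # unknown keys ignored without error
            value = "=".join(rest)
            attrs[key] = ([unescape(v) for v in value.split(",")]
                          if key in LIST_KEYS else unescape(value))
        db[unescape(name)] = {"desc": unescape(desc), "attrs": attrs}
    return db

def effective_auths(db, name, seen=None):
    seen = set() if seen is None else seen
    if name in seen or name not in db:
        return set()                          # cycle or undefined profile
    seen.add(name)
    attrs = db[name]["attrs"]
    return set(attrs.get("auths", [])).union(
        *(effective_auths(db, p, seen) for p in attrs.get("profiles", [])))
```

       Calling effective_auths(parse_prof_attr(SAMPLE), "Operator") returns
       the authorizations of Operator together with those of the profiles it
       contains.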

SEE ALSO
       auths(1), pfexec(1), profiles(1), getauthattr(3SECDB),
       getprofattr(3SECDB), getuserattr(3SECDB), auth_attr(4), exec_attr(4),
       priv_names(4), user_attr(4)

				  Apr 3, 2008			  PROF_ATTR(4)