smf_security man page on SmartOS

Man page or keyword search:  
man Server   16655 pages
apropos Keyword Search (all sections)
Output format
SmartOS logo
[printable version]

SMF_SECURITY(5)						       SMF_SECURITY(5)

NAME
       smf_security - service management facility security behavior

DESCRIPTION
       The  configuration  subsystem  for  the	service	 management  facility,
       smf(5), requires privilege to modify the configuration  of  a  service.
       Privileges  are	granted	 to  a	user by associating the authorizations
       described below to the user through user_attr(4) and prof_attr(4).  See
       rbac(5).

       The  following authorization is used to manipulate services and service
       instances.

       solaris.smf.modify
			     Authorized to add, delete,	 or  modify  services,
			     service  instances,  or  their properties, and to
			     read protected property values.

   Property Group Authorizations
       The smf(5) configuration subsystem associates properties with each ser‐
       vice  and  service instance. Related properties are grouped. Groups can
       represent an  execution	method,	 credential  information,  application
       data,  or  restarter  state.  The  ability to create or modify property
       groups can cause smf(5) components to perform actions that can  require
       operating  system privilege. Accordingly, the framework requires appro‐
       priate authorization to manipulate property groups.

       Each property group has a type corresponding to its purpose.  The  core
       property	 group	types  are method, dependency, application, and frame‐
       work. Additional property group types can be introduced, provided  they
       conform	to  the	 extended  naming  convention in smf(5). The following
       basic authorizations, however, apply only to the	 core  property	 group
       types:

       solaris.smf.modify.method

	   Authorized to change values or create, delete, or modify a property
	   group of type method.

       solaris.smf.modify.dependency

	   Authorized to change values or create, delete, or modify a property
	   group of type dependency.

       solaris.smf.modify.application

	   Authorized  to  change  values,  read protected values, and create,
	   delete, or modify a property group of type application.

       solaris.smf.modify.framework

	   Authorized to change values or create, delete, or modify a property
	   group of type framework.

       solaris.smf.modify

	   Authorized  to  add, delete, or modify services, service instances,
	   or their properties, and to read protected property values.

       Property group-specific authorization can be  specified	by  properties
       contained in the property group.

       modify_authorization
			       Authorizations allow the addition, deletion, or
			       modification of properties within the  property
			       group,  and  the	 retrieval  of property values
			       from the property group if protected.

       value_authorization
			       Authorizations allow changing the values of any
			       property	 of  the  property  group  except mod‐
			       ify_authorization, and  the  retrieval  of  any
			       property	  values  except  modify_authorization
			       from the property group if protected.

       read_authorization
			       Authorizations allow the retrieval of  property
			       values  within the property group. The presence
			       of a  string-valued  property  with  this  name
			       identifies  the	containing  property  group as
			       protected. This property has no effect on prop‐
			       erty  groups  of	 types other than application.
			       See Protected Property Groups.

       The above authorization properties are only  used  if  they  have  type
       astring. If an instance property group does not have one of the proper‐
       ties, but the instance's service has a property group of the same  name
       with the property, its values are used.

   Protected Property Groups
       Normally, all property values in the repository can be read by any user
       without explicit authorization. Property groups of non-framework	 types
       can  be	used  to store properties with values that require protection.
       They must not be revealed except upon proper authorization. A  property
       group's	status	as protected is indicated by the presence of a string-
       valued read_authorization property.  If this property is	 present,  the
       values  of  all properties in the property group is retrievable only as
       described in Property Group Authorizations.

       Administrative domains with policies that prohibit backup of data  con‐
       sidered	sensitive  should  exclude  the	 SMF repository databases from
       their backups. In the face of such  a  policy,  non-protected  property
       values can be backed up by using the svccfg(1M) archive command to cre‐
       ate an archive of the repository without protected property values.

   Service Action Authorization
       Certain actions on service instances can result in service interruption
       or  deactivation. These actions require an authorization to ensure that
       any denial of service  is  a  deliberate	 administrative	 action.  Such
       actions include a request for execution of the refresh or restart meth‐
       ods, or placement of a service instance in  the	maintenance  or	 other
       non-operational	state. The following authorization allows such actions
       to be requested:

       solaris.smf.manage
			     Authorized to request restart, refresh, or	 other
			     state modification of any service instance.

       In  addition,  the  general/action_authorization	 property  can specify
       additional authorizations that permit service actions to	 be  requested
       for  that  service  instance.  The  solaris.smf.manage authorization is
       required to modify this property.

   Defined Rights Profiles
       Two rights profiles are included that offer grouped authorizations  for
       manipulating typical smf(5) operations.

       Service Management
			     A	service	 manager can manipulate any service in
			     the repository in any way. It corresponds to  the
			     solaris.smf.manage	 and solaris.smf.modify autho‐
			     rizations.

			     The service management  profile  is  the  minimum
			     required  to use the pkgadd(1M) or pkgrm(1M) com‐
			     mands to add or  remove  software	packages  that
			     contain  an  inventory of services in its service
			     manifest.

       Service Operator
			     A service operator has the ability to  enable  or
			     disable  any  service  instance on the system, as
			     well as  request  that  its  restart  or  refresh
			     method   be  executed.   It  corresponds  to  the
			     solaris.smf.manage and  solaris.smf.modify.frame‐
			     work authorizations.

			     Sites  can define additional rights profiles cus‐
			     tomized to their needs.

   Remote Repository Modification
       Remote repository servers can deny modification attempts due  to	 addi‐
       tional privilege checks. See NOTES.

SEE ALSO
       auths(1), profiles(1), pkgadd(1M), pkgrm(1M), svccfg(1M), prof_attr(4),
       user_attr(4), rbac(5), smf(5)

NOTES
       The present version of smf(5) does not support remote repositories.

       When a service is configured to be started as root but with  privileges
       different  from	limit_privileges,  the	resulting process is privilege
       aware.  This can be surprising to developers who	 expect	 seteuid(<non-
       zero UID>) to reduce privileges to basic or less.

				 May 20, 2009		       SMF_SECURITY(5)
[top]

List of man pages available for SmartOS

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net