Specifications

Red Hat Enterprise Linux to Oracle Solaris Porting Guide
with the least privilege model to run daemons such as httpd, which need to bind to privileged ports, more securely. Many such programs do not need root for anything other than listening on a port below 1024, so granting the net_privaddr privilege to the user that runs the process removes the need to ever run the process with EUID 0.
Oracle Solaris RBAC configuration is controlled through four main files:
/etc/security/exec_attr, /etc/security/prof_attr,
/etc/security/auth_attr, and /etc/user_attr.
exec_attr specifies the execution attributes associated with rights profiles: for each command in a profile, the user and group IDs it runs as and the default and limit privileges it is given.
prof_attr specifies the rights profile names, their descriptions, and other attributes such as the authorizations a profile carries.
auth_attr specifies authorization names and their descriptions.
user_attr specifies user and role definitions along with their assigned authorizations, profiles, roles, projects, and default privileges.
These files are normally maintained with roleadd, rolemod, usermod, and profiles rather than edited by hand.
For security reasons, by default only root can use DTrace. The privileges that gate it are dtrace_kernel, dtrace_proc, and dtrace_user. To allow a group of users to use DTrace, a system administrator either creates a role that carries those privileges or assigns them directly to each user.
To create a support role and grant it the appropriate privileges, use the following steps:
# roleadd -u 201 -d /export/home/support -P "Process Management" support
# rolemod -K defaultpriv=basic,dtrace_kernel,dtrace_proc,dtrace_user support
The role must then be assigned to each user who should be able to take it (usermod -R support for each user). Those users can now su to support (after providing the role's password) and run the necessary DTrace commands; because the privileges are in the role's default set, they apply to every process started from the role shell, and only there.
Instead of adding a role and making users access it via su, a system administrator can also assign the privileges directly to a user:
# usermod -K defaultpriv=basic,dtrace_kernel,dtrace_proc,dtrace_user USER1
Note: The user must be logged out for the command above to succeed, and the new default privileges take effect only in sessions started afterwards; ppriv $$ in a fresh login shell shows them.
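The two assignment styles above end up as different user_attr entries: a type=role entry carrying defaultpriv, referenced from the user's roles= attribute, versus a defaultpriv on the user's own entry. The following added example (not code from the porting guide) parses a constructed user_attr excerpt in the user:qualifier:res1:res2:attr layout, honouring the backslash escapes the file uses, and reports for each user whether the DTrace privileges are held directly or only reachable through a role. The user names alice and bob and the exact lines are assumptions made for the example; uid 0 is deliberately not modelled, since a non-privilege-aware root process receives all of L regardless of user_attr.

```python
#!/usr/bin/env python3
"""Resolve a user's DTrace privileges from Oracle Solaris user_attr data.

Added example, not code from the porting guide. Input lines follow the
user_attr(4) layout  user:qualifier:res1:res2:attr  where attr is a
';'-separated list of key=value pairs, list values are ','-separated and a
backslash escapes a literal ':' or ';' inside a value.
"""
import re

# The three privileges the text assigns for DTrace use.
DTRACE_PRIVS = frozenset({"dtrace_kernel", "dtrace_proc", "dtrace_user"})

# Constructed excerpt of /etc/user_attr mirroring the commands in the text:
# 'support' is a role carrying the DTrace privileges, alice may assume it,
# USER1 received the privileges directly, bob received nothing (assumed names).
USER_ATTR = """\
# /etc/user_attr (constructed excerpt)
root::::auths=solaris.*;profiles=All;audit_flags=lo\\:no;lock_after_retries=no
support::::type=role;profiles=Process Management;defaultpriv=basic,dtrace_kernel,dtrace_proc,dtrace_user
alice::::type=normal;roles=support
USER1::::type=normal;defaultpriv=basic,dtrace_kernel,dtrace_proc,dtrace_user
bob::::type=normal
"""


def split_unescaped(text, sep):
    """Split text on sep, leaving backslash-escaped characters untouched."""
    parts, cur, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur.append(text[i:i + 2])   # keep the escape for unescape() later
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(text[i])
        i += 1
    parts.append("".join(cur))
    return parts


def unescape(value):
    return re.sub(r"\\(.)", r"\1", value)


def parse_attrs(attr_field):
    """Turn 'k1=v1;k2=v2' into a dict, honouring escaped separators."""
    attrs = {}
    for pair in split_unescaped(attr_field, ";"):
        if pair:
            key, _, value = pair.partition("=")
            attrs[unescape(key)] = unescape(value)
    return attrs


def parse_user_attr(text):
    """Return {name: attrs} for every non-comment user_attr line."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = split_unescaped(line, ":")
        if len(fields) != 5:
            raise ValueError("malformed user_attr line: %r" % line)
        entries[fields[0]] = parse_attrs(fields[4])
    return entries


def list_value(attrs, key):
    return [v for v in attrs.get(key, "").split(",") if v]


def dtrace_access(users, name):
    """Return (direct, via_role): DTrace privileges in the user's own
    defaultpriv (effective in every login shell) and, per assumable role,
    the DTrace privileges gained only inside that role's shell after su."""
    me = users[name]
    direct = DTRACE_PRIVS & set(list_value(me, "defaultpriv"))
    via_role = {}
    for role in list_value(me, "roles"):
        entry = users.get(role)
        if entry is None or entry.get("type") != "role":
            continue        # dangling or non-role assignment grants nothing
        via_role[role] = DTRACE_PRIVS & set(list_value(entry, "defaultpriv"))
    return direct, via_role


def can_run_dtrace(users, name):
    """True if name can obtain all three DTrace privileges, directly or by
    assuming a role."""
    direct, via_role = dtrace_access(users, name)
    return DTRACE_PRIVS <= direct or any(
        DTRACE_PRIVS <= privs for privs in via_role.values())


if __name__ == "__main__":
    users = parse_user_attr(USER_ATTR)
    for who in ("alice", "USER1", "bob"):
        direct, via_role = dtrace_access(users, who)
        print(who, sorted(direct), {r: sorted(p) for r, p in via_role.items()},
              can_run_dtrace(users, who))
```

Running it shows alice reaching the privileges only through the support role, USER1 holding them in every session, and bob having none; the same parser can be pointed at the real /etc/user_attr to audit who can reach DTrace (or any other privilege) on a host.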
Privilege awareness is the mechanism that lets legacy applications keep full compatibility with the traditional all-or-nothing root model. Each process has a privilege awareness state, either privilege aware (PA) or not privilege aware (NPA). For an NPA process the kernel derives privileges from the UIDs: if any of EUID, RUID, or SUID is 0 (root), the process appears to hold every privilege in its limit set L, exactly as a legacy root process would. A process becomes PA once it manipulates its privilege sets explicitly, and when a process calls exec the kernel tries to relinquish privilege awareness again so that the new image behaves like a legacy program. The state is visible in the flags line of ppriv output, which reads PRIV_AWARE for a PA process.
In Oracle Solaris, although most of the standard setuid/setgid executables have been rewritten to be privilege aware (PA), they still have their setuid/setgid bits set. This is necessary so that the program first obtains the full root privilege set and then drops the privileges it does not need. However, this requires the program to be fully privilege aware, and some setuid/setgid programs might not have been ported yet; until such a program drops privileges it runs with the complete limit set, just like a legacy setuid root binary, so an unported setuid program gains nothing from the privilege model.