My little Solaris security cheat sheet
By artem on Feb 03, 2006
This returned me to sanity a few times while learning about Solaris security. Like many others, I'm not a security expert and I often need a short version to fit in my head.
authorization: A right assigned to users that is checked by privileged programs to determine whether users can execute restricted functionality. More in auth_attr(4).
privilege: An attribute that provides fine-grained control over the actions of processes, as opposed to the traditional UNIX all-or-nothing model of superuser versus ordinary user. More in privileges(5).
profile: A logical grouping of authorizations and commands. Profile shells, pf[ck]sh, interpret profiles to form a secure execution environment. More in prof_attr(4), exec_attr(4).
role: A type of user account, with associated authorizations and profiles. Roles cannot log in directly; users assume roles using su(1M).
|how to get||CLI||API|
|Authorizations||Privileges|
|Per-user: all user processes have same authorizations.||Per-process: each process has separate privilege sets.|
|Static: once assigned to user, remains the same.||Dynamic: privilege sets can change during process lifecycle.|
|A simple token. In theory can be easily added to other OSes.||Integrated deep into Solaris.|
|Userland||Userland and kernel.|
|Introduced in Solaris 8 [1]||Introduced in Solaris 10 [1]|
[1] Was also available much earlier in Trusted Solaris.
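To see how the definitions above fit together, here is an added example (not part of the original post, and not Solaris code) that resolves an account's authorizations from text in the user_attr(4) and prof_attr(4) field layout. The account, profile and authorization names are constructed, the wildcard match is a simplification, and system-wide defaults are ignored.

```python
# Constructed sample entries in user_attr(4) / prof_attr(4) layout (not from a real system).
USER_ATTR = """\
# user:qualifier:res1:res2:attr
alice::::type=normal;roles=printadm;auths=com.example.jobs.user
printadm::::type=role;profiles=Example Print Admin
"""
PROF_ATTR = """\
# profname:res1:res2:desc:attr
Example Print Admin:::Manage printers:auths=com.example.print.*;profs=Example Queue Viewer
Example Queue Viewer:::View queues:auths=com.example.jobs.user;profs=Example Print Admin
"""

def parse_db(text):
    """Return {name: {key: [values]}}; attributes are ';'-separated key=value pairs in field 5."""
    db = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) < 5:
            continue  # skip comments, blank lines and malformed entries
        attrs = {}
        for pair in fields[4].split(";"):
            key, sep, value = pair.partition("=")
            if sep:
                attrs[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
        db[fields[0]] = attrs
    return db

def profile_auths(name, prof_db, seen=None):
    """Authorizations granted by a profile and its nested profiles (profs=), cycle-safe."""
    seen = set() if seen is None else seen
    if name in seen or name not in prof_db:
        return set()
    seen.add(name)
    auths = set(prof_db[name].get("auths", []))
    for sub in prof_db[name].get("profs", []):
        auths |= profile_auths(sub, prof_db, seen)
    return auths

def effective_auths(account, user_db, prof_db):
    """Direct auths plus profile auths; roles are not followed until the user assumes them."""
    entry = user_db.get(account, {})
    auths = set(entry.get("auths", []))
    for prof in entry.get("profiles", []):
        auths |= profile_auths(prof, prof_db)
    return auths

def is_authorized(account, auth, user_db, prof_db):
    """Simplified check: exact match, or a granted 'prefix.*' covering the requested name."""
    return any(g == auth or (g.endswith(".*") and auth.startswith(g[:-1]))
               for g in effective_auths(account, user_db, prof_db))
```

With the sample data, alice holds only her direct authorization, while the printadm role picks up the wildcard authorization through its profile.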