Oracle Solaris 11.1 Administration: Security Services (Oracle Solaris 11.1 Information Library)
The RBAC features include the following:
The pfedit command enables a non-root user or role to edit specified system files. The user or role must be assigned the solaris.admin.edit/path-to-system-file authorization. This command can be used by the root role to ensure that root actions are placed in the audit record. For more information, see the pfedit(1M) man page.
Extended privilege policy enables specific privileges to be applied to specific filenames, port numbers, and user IDs. For more information, see the ppriv(1) and privileges(5) man pages. For an example of applying extended privilege policy to a port number, see How to Apply Extended Privilege Policy to a Port.
The pam_policy security attribute enables an administrator to configure PAM policy at the system, rights profile, user, and module levels. For more information, see Changes to PAM for This Release and How to Assign a Customized PAM Policy to a User.
The auths command is extended similarly to the profiles command. Authorizations can be managed from the command line for the files and LDAP repositories. For more information, see How to Create an Authorization and the auths(1) man page.
A User Manager GUI is available to manage users and roles. For more information, see Chapter 3, Managing User Accounts by Using the User Manager GUI (Tasks), in Managing User Accounts and User Environments in Oracle Solaris 11.1.