Which option correctly describes how you could achieve this task?

Yon are using the svc:/network/http:apache22 service to manage your web server.
You have noticed that this service starts as the root: user and later changes to a nonprivileged
user called webservd. You do not want this service to operate as the root user and any time.
Which option correctly describes how you could achieve this task?

Yon are using the svc:/network/http:apache22 service to manage your web server.
You have noticed that this service starts as the root: user and later changes to a nonprivileged
user called webservd. You do not want this service to operate as the root user and any time.
Which option correctly describes how you could achieve this task?

A.
Modify the privileges in the service configuration.

B.
Add an authorization to the webservd users’ rights’ profile.

C.
Create a webservd role with a modified exec_attr entry.

D.
Modify the PHIV_AWARE state of the service configuration.

Explanation:
A service can be configured to run within a limited set of privileges, rather than as
the all-powerful root user.



Leave a Reply 1

Your email address will not be published. Required fields are marked *


dupek

dupek

A
http://www.oracle.com/technetwork/systems/hands-on-labs/s11-security-1408641.html

1 oracle@solaris:~# svccfg -s apache22
2 svc:/network/http:apache22> setprop start/user = astring: webservd
3 svc:/network/http:apache22> setprop start/group = astring: webservd
4 svc:/network/http:apache22> setprop start/privileges = astring:
5 basic,!proc_session,!proc_info,!file_link_any,net_privaddr
6 svc:/network/http:apache22> setprop start/limit_privileges = astring: :default
7 svc:/network/http:apache22> setprop start/use_profile = boolean: false
8 svc:/network/http:apache22> setprop start/supp_groups = astring: :default
9 svc:/network/http:apache22> setprop start/working_directory = astring: :default
10 svc:/network/http:apache22> setprop start/project = astring: :default
11 svc:/network/http:apache22> setprop start/resource_pool = astring: :default
12 svc:/network/http:apache22> end