what is the impact of the following sequence of commands?

Assuming that a user called “operator” exists on the system and is configured to use a profile
shell, what is the impact of the following sequence of commands?

Assuming that a user called “operator” exists on the system and is configured to use a profile
shell, what is the impact of the following sequence of commands?

A.
The “operator” account willbe able to configure NTP properties.

B.
The “operator” account willbeable to restart the NTP service.

C.
The “operator” account willnot be able to log in using SSH.

D.
The “operator” account willnot be impacted by these changes.

E.
The “operator” account willonly beaccessibleusing “su”

Explanation:
The Stop rights profile is the simplest way to create a restricted shell. The
authorizations and rights profiles that are assigned in the policy.conf file are not consulted. In the
default configuration, the role or user is not assigned the Basic Solaris User rights profile, the
Console User rights profile, or the solaris.device.cdrw authorization.
Example:
Assign the Desktop Applets rights profile and the Stop rights profile to the user.
# usermod -P “Desktop Applets,Stop” username
This user does not have the Basic Solaris User rights profile or the Console User rights profile.
Therefore, no commands other than the commands in the Desktop Applets rights profile can be
run by this user.
Note:
*The usermod utility modifies a user’s login definition on the system. It changes the definition of
the specified login and makes the appropriate login-related system file and file system changes.
*Synopsis
usermod [-u uid [-o]] [-g group] [-G group [, group…]]
[-d dir [-m]] [-s shell] [-c comment] [-l new_name]
[-f inactive] [-e expire]

[-A authorization [, authorization]]
[-P profile [, profile]] [-R role [, role]]
[-K key=value] login
*-P profile
One or more comma-separated rightsprofiles defined in prof_attr.
*prof_attr
– profile description database

Show Hint

Leave a Reply 3

Your email address will not be published. Required fields are marked *

dupek

dupek

B is correct
operator@s11exam:~$ getent auth_attr | grep ntp
solaris.smf.manage.ntp:::Manage NTP service states::help=SmfNTPStates.html
solaris.smf.value.ntp:::Change NTP value properties::help=SmfValueNTP.html
operator@s11exam:~$

Reply

dupek

dupek

operator@s11exam:~$ svccfg
svc:> select svc:/network/ntp:default
svc:/network/ntp:default> listprop
config application
config/always_allow_large_step boolean true
config/debuglevel integer 0
config/logfile astring /var/ntp/ntp.log
config/mdnsregister boolean false
config/no_auth_required boolean false
config/slew_always boolean false
config/value_authorization astring solaris.smf.value.ntp
config/verbose_logging boolean false
config/wait_for_sync boolean false
general framework
general/complete astring
general/enabled boolean false
restarter framework NONPERSISTENT
restarter/auxiliary_state astring per_configuration
restarter/next_state astring none
restarter/state astring disabled
restarter/state_timestamp time 1435079342.816886000
restarter_actions framework NONPERSISTENT
restarter_actions/auxiliary_tty boolean true
restarter_actions/auxiliary_fmri astring svc:/network/ssh:default
svc:/network/ntp:default> setprop config/mdnsregister=true
svc:/network/ntp:default> end
operator@s11exam:~$ svcadm refresh svc:/network/ntp:default

operator@s11exam:~$ svcprop svc:/network/ntp:default | grep mdns
config/mdnsregister boolean true

operator@s11exam:~$ profiles
NTP Operator

Reply

dupek

dupek

operator@s11exam:~$ profiles -p “NTP Operator”
profiles:NTP Operator> info
name=NTP Operator
desc=NTP Operator
auths=solaris.smf.manage.ntp,solaris.smf.value.ntp

Reply