Select the three activities necessary to accomplish this.

alice is a user account used by Alice on a Solaris 11 system.
sadmin is a role account on the same system.
Your task is to add the command /usr/sbin/cryptoadm to the Network management profile, so that
Alice can execute it, while assuming the sadmin role.
Select the three activities necessary to accomplish this.

A.
To the file /etc/security/prof_attr, add the line:
Network Management: solaris:cmd:RO::/usr/sbin/cryptoadm:euid=0

B.
To the file /etc/security/auth_attr, add the line:
Network Management: solaris:cmd:RO::/usr/sbin/cryptoadm:euid=0

C.
To the file /etc/security/exec_attr.d/local-entries, add the line:
Network Management: solaris:cmd:RO::/usr/sbin/cryptoadm:euid=0

D.
Run the command roles alice to ensure that alice may assume the role sadmin.

E.
Run the command profiles sadmin to ensure that the role sadmin includes the Network
Management profile.

F.
Run the command profiles alice to ensure that Alice has permissions to access the Network
management profile.

G.
Run the command profiles “Network management” to ensure that the Network management
profile includes the sadmin role.

Explanation:
C: /etc/security/exec_attr is a local database that specifies the execution attributes associated with profiles. The exec_attr file can be used with other sources for execution profiles, including the exec_attr NIS map and NIS+ table.
A profile is a logical grouping of authorizations and commands that is interpreted by a profile shell to form a secure execution environment.
Reference: man exec_attr
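
An added example (not part of the original question or its explanation): a small shell/awk audit that splits exec_attr-style lines into the seven fields documented in man exec_attr (name:policy:type:res1:res2:id:attr) and lists which commands a given profile runs with uid=0 or euid=0. The sample entries and the function names are constructed for illustration, and the parser assumes no field contains a literal colon.

```shell
#!/bin/sh
# Added example: audit exec_attr-style entries for commands run with root IDs.
# Field layout (man exec_attr): name:policy:type:res1:res2:id:attr

# Constructed sample input, modelled on the entry quoted in the question.
sample_entries() {
cat <<'EOF'
# constructed sample, not copied from a real system
Network Management:solaris:cmd:RO::/usr/sbin/cryptoadm:euid=0
Network Management:solaris:cmd:RO::/usr/sbin/ifconfig:uid=0
Example Profile:solaris:cmd:::/usr/bin/example:privs=sys_mount
Broken Entry:solaris:cmd:/usr/bin/short
EOF
}

# list_root_cmds PROFILE
# Reads exec_attr lines on stdin and prints "<command> <attribute>" for every
# cmd entry of PROFILE whose attr field sets uid=0 or euid=0.
# Lines that do not have exactly seven fields are reported on stderr.
list_root_cmds() {
  awk -F: -v want="$1" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
    NF != 7 {
      printf "malformed entry at line %d\n", NR > "/dev/stderr"
      next
    }
    {
      name = $1
      sub(/^[ \t]+/, "", name); sub(/[ \t]+$/, "", name)
      if (name != want || $3 != "cmd") next
      # attr is a semicolon-separated list of key=value pairs
      n = split($7, kv, ";")
      for (i = 1; i <= n; i++)
        if (kv[i] == "uid=0" || kv[i] == "euid=0") {
          print $6, kv[i]
          break
        }
    }'
}

# Stand-alone run over the constructed sample.
sample_entries | list_root_cmds "Network Management"
```

On a real system the function would be fed the files under /etc/security/exec_attr.d/ instead of the constructed sample.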



DM

CDF

Profiles command can only be used on users, not on groups:

# profiles root
root:
All
Console User
Suspend To RAM
Suspend To Disk
Brightness
CPU Power Management
Network Autoconf User
Basic Solaris User

Hosam Al Ali

C, D, F – G is wrong because the profiles command is for a user, NOT for “Network management”

rocky

I think pal is right, as you

[C] first set the exec_attr.d/local-entries
[D] then you run the roles alice to be sure that alice can have the sadmin role
/ then give the role sadmin to user alice with usermod -R +sadmin alice if she hasn’t /
[E] and then check whether the sadmin role has the NetMgt profile.

you can check:

root@sol11-ai:/var/crash# roles alice
No roles
root@sol11-ai:/var/crash# usermod -R +sadmin alice
root@sol11-ai:/var/crash# roles alice
sadmin
root@sol11-ai:/var/crash# profiles sadmin
sadmin:
Network Management
Name Service Management
Service Configuration
Network Wifi Management
Inetd Management
Network LLDP
Network VRRP
Network Observability
Network Autoconf Admin
Network Autoconf User
Name Service Security
Elastic Virtual Switch Administration
RDS Management
FTP Server Management
Basic Solaris User
All