smf_security man page on SunOS

smf_security(5)	      Standards, Environments, and Macros      smf_security(5)

NAME
       smf_security - service management facility security behavior

DESCRIPTION
       The  configuration  subsystem  for  the	service	 management  facility,
       smf(5), requires privilege to modify the configuration  of  a  service.
       Privileges  are	granted	 to  a	user by associating the authorizations
       described below to the user through user_attr(4) and prof_attr(4).  See
       rbac(5).

       The  following authorization is used to manipulate services and service
       instances.

       solaris.smf.modify    Authorized to add, delete,	 or  modify  services,
			     service instances, or their properties.

   Property Group Authorizations
       The smf(5) configuration subsystem associates properties with each
       service and service instance. Related properties are grouped. Groups
       may represent an execution method, credential information, application
       data, or restarter state. The ability to create or modify property
       groups can cause smf(5) components to perform actions that may require
       operating system privilege. Accordingly, the framework requires
       appropriate authorization to manipulate property groups.

       Each property group has a type corresponding to its purpose. The core
       property group types are method, dependency, application, and
       framework. Additional property group types can be introduced, provided
       they conform to the extended naming convention in smf(5). The following
       basic authorizations, however, apply only to the core property group
       types:

       solaris.smf.modify.method

	   Authorized to change values or create, delete, or modify a property
	   group of type method.

       solaris.smf.modify.dependency

	   Authorized to change values or create, delete, or modify a property
	   group of type dependency.

       solaris.smf.modify.application

	   Authorized to change values or create, delete, or modify a property
	   group of type application.

       solaris.smf.modify.framework

	   Authorized to change values or create, delete, or modify a property
	   group of type framework.

       solaris.smf.modify

	   Authorized to add, delete, or modify services,  service  instances,
	   or their properties.

       Property	 group-specific	 authorization	can be specified by properties
       contained in the property group.

       modify_authorization    Authorizations allow the addition, deletion, or
			       modification  of properties within the property
			       group.

       value_authorization     Authorizations allow changing the values of any
                               property of the property group except
                               modify_authorization.

       The above authorization properties are only used if they have type
       astring. If an instance property group does not have one of the
       properties, but the instance's service has a property group of the same
       name with the property, its values are used.

   Service Action Authorization
       Certain actions on service instances may result in service interruption
       or deactivation. These actions require an authorization to ensure that
       any denial of service is a deliberate administrative action. Such
       actions include a request for execution of the refresh or restart
       methods, or placement of a service instance in the maintenance or other
       non-operational state. The following authorization allows such actions
       to be requested:

       solaris.smf.manage    Authorized	 to request restart, refresh, or other
			     state modification of any service instance.

       In addition,  the  general/action_authorization	property  can  specify
       additional  authorizations  that permit service actions to be requested
       for that service	 instance.  The	 solaris.smf.manage  authorization  is
       required to modify this property.
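
       The astring rule for modify_authorization and value_authorization and
       the general/action_authorization property described above can be
       audited per service. The following is an added example, not part of the
       original man page: it reads lines in svcprop(1) output form
       ("pg/prop type value...") and reports which authorizations are
       delegated and which authorization properties are ignored because they
       are not of type astring. The sample lines and the authorization names
       in them are constructed.

```shell
#!/bin/sh
# Added example: audit SMF authorization properties from svcprop-style lines.

# Constructed sample input (not from a real system); the service layout and
# the solaris.smf.*.example authorization names are hypothetical.
sample_props() {
cat <<'EOF'
general/enabled boolean true
general/action_authorization astring solaris.smf.manage.example solaris.smf.manage.backup
config/value_authorization astring solaris.smf.value.example
config/modify_authorization ustring solaris.smf.modify.example
start/exec astring /lib/svc/method/example\ start
EOF
}

# Reads "pg/prop type value..." lines on stdin and prints one line per finding:
#   DELEGATES pg/prop auth    the authorization named in the property applies
#   IGNORED pg/prop type=T    modify_/value_authorization that is not astring
audit_auth_props() {
  awk '{
    slash = index($1, "/")
    pg = substr($1, 1, slash - 1)
    prop = substr($1, slash + 1)
    is_action = (pg == "general" && prop == "action_authorization")
    is_pg_auth = (prop == "modify_authorization" || prop == "value_authorization")
    if (!is_action && !is_pg_auth) next
    if (is_pg_auth && $2 != "astring") {
      printf "IGNORED %s/%s type=%s\n", pg, prop, $2
      next
    }
    for (i = 3; i <= NF; i++) printf "DELEGATES %s/%s %s\n", pg, prop, $i
  }'
}

sample_props | audit_auth_props
```

       On a Solaris host the same function can be fed from the output of
       svcprop for a given service or instance FMRI.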

   Defined Rights Profiles
       Two  rights profiles are included that offer grouped authorizations for
       manipulating typical smf(5) operations.

       Service Management    A service manager can manipulate any service in
                             the repository in any way. It corresponds to the
                             solaris.smf.manage and solaris.smf.modify
                             authorizations.

                             The service management profile is the minimum
                             required to use the pkgadd(1M) or pkgrm(1M)
                             commands to add or remove software packages that
                             contain an inventory of services in its service
                             manifest.

       Service Operator      A service operator has the ability to enable or
                             disable any service instance on the system, as
                             well as request that its restart or refresh
                             method be executed. It corresponds to the
                             solaris.smf.manage and
                             solaris.smf.modify.framework authorizations.

                             Sites can define additional rights profiles
                             customized to their needs.

   Remote Repository Modification
       Remote repository servers may deny modification attempts due to
       additional privilege checks. See NOTES.

SEE ALSO
       auths(1),    profiles(1),    pkgadd(1M),	   pkgrm(1M),	 prof_attr(4),
       user_attr(4), rbac(5), smf(5)

NOTES
       The present version of smf(5) does not support remote repositories.

       When a service is configured to be started as root but with privileges
       different from limit_privileges, the resulting process is privilege
       aware. This can be surprising to developers who expect
       seteuid(<non-zero UID>) to reduce privileges to basic or less.

SunOS 5.10			  20 May 2009		       smf_security(5)