profiles(1)

NAME

     profiles - print execution profiles for a user

SYNOPSIS

     profiles [-l] [ user ...]

DESCRIPTION

     The profiles command prints on standard output the names  of
     the  execution profiles that have been assigned to you or to
     the optionally-specified user or role name. Profiles  are  a
     bundling  mechanism  used  to  enumerate  the  commands  and
     authorizations needed to peform a specific  function.  Along
     with each listed executable are the process attributes, such
     as the effective user and group IDs, with which the  process
     runs  when  started by a privileged command interpreter. The
     profile  shells  are  pfcsh,  pfksh,  and  pfexec.  See  the
     pfexec(1)  man  page.  Profiles  can  contain other profiles
     defined in prof_attr(4).

     Multiple profiles can be combined to construct the appropri-
     ate access control. When profiles are assigned, the authori-
     zations are added to the existing set. If the  same  command
     appears  in  multiple  profiles,  the  first  occurrence, as
     determined by the ordering of  the  profiles,  is  used  for
     process-attribute settings. For convenience, a wild card can
     be specified to match all commands.

     When profiles are interpreted, the profile  list  is  loaded
     from  user_attr(4).   If  any  default profile is defined in
     /etc/security/policy.conf (see policy.conf(4)), the list  of
     default  profiles  will  be  added  to  the list loaded from
     user_attr(4).  Matching entries in prof_attr(4) provide  the
     authorizations  list,  and  matching entries in exec_attr(4)
     provide the commands list.

OPTIONS

     -l    Lists the commands in each  profile  followed  by  the
           special process attributes such as user and group IDs.

EXAMPLES

     Example 1: Sample output

     The output of the profiles command has the following form:

     example% profiles tester01 tester02
     tester01 : Audit Management, All Commands
     tester02 : Device Management, All Commands
     example%

     Example 2: Using the list option

     example% profiles -l tester01 tester02
     tester01 :
         Audit Management:
           /usr/sbin/audit          euid=root
           /usr/sbin/auditconfig    euid=root    egid=sys
         All Commands:
           *
     tester02 :
         Device Management:
           /usr/bin/allocate:       euid=root
           /usr/bin/deallocate:     euid=root
         All Commands
           *
     example%

EXIT STATUS

     The following exit values are returned:

      0    Successful completion.

     1     An error occurred.

FILES

     /etc/security/exec_attr

     /etc/security/prof_attr

     /etc/user_attr

     /etc/security/policy.conf

ATTRIBUTES

     See attributes(5) for descriptions of the  following  attri-
     butes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWcsu                     |
    |_____________________________|_____________________________|

SEE ALSO

     auths(1),    pfexec(1),    roles(1),    getprofattr(3SECDB),
     exec_attr(4),  policy.conf(4),  prof_attr(4),  user_attr(4),
     attributes(5)
Man(1) output converted with man2html