xref: /illumos-gate/usr/src/man/man1/profiles.1 (revision bbf21555) 
 te
 Copyright (c) 2000, Sun Microsystems, Inc. All Rights Reserved
 The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
 When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
 PROFILES 1 "Jan 7, 2018"
 NAME
profiles - print execution profiles for a user

 SYNOPSIS


profiles [-l] [ user ]...




 DESCRIPTION

The profiles command prints on standard output the names of the execution
profiles that have been assigned to you or to the optionally-specified user or
role name. Profiles are a bundling mechanism used to enumerate the commands and
authorizations needed to perform a specific function. Along with each listed
executable are the process attributes, such as the effective user and group
IDs, with which the process runs when started by a privileged command
interpreter. The profile shells are pfcsh, pfksh, and pfexec.
See the pfexec(1) man page. Profiles can contain other profiles defined
in prof_attr(5).


Multiple profiles can be combined to construct the appropriate access control.
When profiles are assigned, the authorizations are added to the existing set.
If the same command appears in multiple profiles, the first occurrence, as
determined by the ordering of the profiles, is used for process-attribute
settings. For convenience, a wild card can be specified to match all commands.


When profiles are interpreted, the profile list is loaded from
user_attr(5). If any default profile is defined in
/etc/security/policy.conf (see policy.conf(5)), the list of default
profiles are added to the list loaded from user_attr(5). Matching entries
in prof_attr(5) provide the authorizations list, and matching entries in
exec_attr(5) provide the commands list.

 OPTIONS

The following options are supported:
-l


Lists the commands in each profile followed by the special process attributes
such as user and group IDs.




 EXAMPLES

Example 1 Sample Output


The output of the profiles command has the following form:


example% profiles tester01 tester02
tester01 : Audit Management, All Commands
tester02 : Device Management, All Commands
example%





Example 2 Using the list Option

example% profiles -l tester01 tester02
tester01 :
 Audit Management:
 /usr/sbin/audit euid=root
 /usr/sbin/auditconfig euid=root egid=sys
 All Commands:
 *
tester02 :
 Device Management:
 /usr/bin/allocate: euid=root
 /usr/bin/deallocate: euid=root
 All Commands
 *
example%




 EXIT STATUS

The following exit values are returned:
0 


Successful completion.



1 


An error occurred.




 FILES

/etc/security/exec_attr


/etc/security/prof_attr


/etc/user_attr


/etc/security/policy.conf

 SEE ALSO

 auths (1),  pfexec (1),  roles (1),  getprofattr (3SECDB),  exec_attr (5),  policy.conf (5),  prof_attr (5),  user_attr (5),  attributes (7)