Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
profiles(1)							   profiles(1)

       profiles	- print	execution profiles for a user

       profiles	[-l] [ user ...]

       The  profiles command prints on standard	output the names of the	execu-
       tion profiles that have been assigned to	you or to the optionally-spec-
       ified user or role name.	Profiles are a bundling	mechanism used to enu-
       merate the commands and authorizations needed  to  perform  a  specific
       function. Along with each listed	executable are the process attributes,
       such as the effective user and group IDs, with which the	 process  runs
       when  started  by  a privileged command interpreter. The	profile	shells
       are pfcsh, pfksh, and pfexec. See the pfexec(1) man page. Profiles  can
       contain other profiles defined in prof_attr(4).

       Multiple	 profiles  can be combined to construct	the appropriate	access
       control.	When profiles are assigned, the	authorizations	are  added  to
       the existing set. If the	same command appears in	multiple profiles, the
       first occurrence, as determined by the ordering	of  the	 profiles,  is
       used  for  process-attribute settings. For convenience, a wild card can
       be specified to match all commands.

       When  profiles  are  interpreted,  the  profile	list  is  loaded  from
       user_attr(4).  If  any default profile is defined in /etc/security/pol-
       icy.conf	(see policy.conf(4)), the list of default profiles  are	 added
       to  the list loaded from	user_attr(4). Matching entries in prof_attr(4)
       provide the authorizations list,	and matching entries  in  exec_attr(4)
       provide the commands list.

       The following options are supported:

       -l	Lists  the  commands  in  each profile followed	by the special
		process	attributes such	as user	and group IDs.

       Example 1: Sample Output

       The output of the profiles command has the following form:

       example%	profiles tester01 tester02
       tester01	: Audit	Management, All	Commands
       tester02	: Device Management, All Commands

       Example 2: Using	the list Option

       example%	profiles -l tester01 tester02
       tester01	:
	   Audit Management:
	     /usr/sbin/audit	      euid=root
	     /usr/sbin/auditconfig    euid=root	   egid=sys
	   All Commands:
       tester02	:
	   Device Management:
	     /usr/bin/allocate:	      euid=root
	     /usr/bin/deallocate:     euid=root
	   All Commands

       The following exit values are returned:

       0	Successful completion.

       1	An error occurred.





       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       |Availability		     |SUNWcsu			   |

       auths(1), pfexec(1), roles(1), getprofattr(3SECDB), exec_attr(4),  pol-
       icy.conf(4), prof_attr(4), user_attr(4),	attributes(5)

				  11 Feb 2000			   profiles(1)


Want to link to this manual page? Use this URL:

home | help