q | A role is a special type of account that can be associated with one or more users, and those users are said to have assumed the role. |
q | A rights profile is a collection of rights such as authorization, commands with assigned security attributes, and other rights profiles, that can be assigned to a role. |
q | An authorization is a discrete permission that enables a user (or a role) to perform a class of actions that could affect security. It is typically assigned to a profile; the roles acquire it through profiles, and users through roles. |
q | The /etc/security/policy.conf database contains default rights profiles, authorizations, and privileges that are applied to all the users. |
q | The /etc/user_attr database assigns the roles to the users and the profiles to the roles. |
q | The /etc/security/prof_attr database defines the profiles by specifying profile names and assigning them the authorization. |
q | The /etc/security/auth_attr database defines the authorizations. |
q | The /etc/security/exec_attr database assigns commands with security attributes to profiles. |
q | The roleadd command is used to create a role and works just like the useradd command. |
q | The rolemod command is used to modify a property of a role and works just like the usermod command. |
q | The roledel command is used to delete a role and works just like the userdel command. |
q | The syslogd daemon automatically logs various system warnings and errors in message files whose location by default is the /sys/adm directory. |
q | The configuration file for the syslogd daemon is /etc/syslog.conf, which tells syslogd the name of the files to which the messages should be forwarded. |
q | You can manage syslog by using the SMF command svcadm on the service identifier svc:/system/system-log:default. |