Two-Minute Drill

q  

A role is a special type of account that can be associated with one or more users, and those users are said to have assumed the role.

q  

A rights profile is a collection of rights such as authorization, commands with assigned security attributes, and other rights profiles, that can be assigned to a role.

q  

An authorization is a discrete permission that enables a user (or a role) to perform a class of actions that could affect security. It is typically assigned to a profile; the roles acquire it through profiles, and users through roles.

q  

The /etc/security/policy.conf database contains default rights profiles, authorizations, and privileges that are applied to all the users.

q  

The /etc/user_attr database assigns the roles to the users and the profiles to the roles.

q  

The /etc/security/prof_attr database defines the profiles by specifying profile names and assigning them the authorization.

q  

The /etc/security/auth_attr database defines the authorizations.

q  

The /etc/security/exec_attr database assigns commands with security attributes to profiles.

q  

The roleadd command is used to create a role and works just like the useradd command.

q  

The rolemod command is used to modify a property of a role and works just like the usermod command.

q  

The roledel command is used to delete a role and works just like the userdel command.

q  

The syslogd daemon automatically logs various system warnings and errors in message files whose location by default is the /sys/adm directory.

q  

The configuration file for the syslogd daemon is /etc/syslog.conf, which tells syslogd the name of the files to which the messages should be forwarded.

q  

You can manage syslog by using the SMF command svcadm on the service identifier svc:/system/system-log:default.