PROFILES(1) User Commands PROFILES(1)
NAME
profiles - print execution profiles for a user
SYNOPSIS
profiles [
-l] [
user ]...
DESCRIPTION
The
profiles command prints on standard output the names of the
execution profiles that have been assigned to you or to the
optionally-specified user or role name. Profiles are a bundling
mechanism used to enumerate the commands and authorizations needed to
perform a specific function. Along with each listed executable are
the process attributes, such as the effective user and group
IDs,
with which the process runs when started by a privileged command
interpreter. The profile shells are
pfcsh,
pfksh, and
pfexec. See
the
pfexec(1) man page. Profiles can contain other profiles defined
in
prof_attr(5).
Multiple profiles can be combined to construct the appropriate access
control. When profiles are assigned, the authorizations are added to
the existing set. If the same command appears in multiple profiles,
the first occurrence, as determined by the ordering of the profiles,
is used for process-attribute settings. For convenience, a wild card
can be specified to match all commands.
When profiles are interpreted, the profile list is loaded from
user_attr(5). If any default profile is defined in
/etc/security/policy.conf (see
policy.conf(5)), the list of default
profiles are added to the list loaded from
user_attr(5). Matching
entries in
prof_attr(5) provide the authorizations list, and matching
entries in
exec_attr(5) provide the commands list.
OPTIONS
The following options are supported:
-l Lists the commands in each profile followed by the special
process attributes such as user and group
IDs.
EXAMPLES
Example 1: Sample Output
The output of the
profiles command has the following form:
example%
profiles tester01 tester02 tester01 : Audit Management, All Commands
tester02 : Device Management, All Commands
example%
Example 2: Using the list Option
example%
profiles -l tester01 tester02 tester01 :
Audit Management:
/usr/sbin/audit euid=root
/usr/sbin/auditconfig euid=root egid=sys
All Commands:
*
tester02 :
Device Management:
/usr/bin/allocate: euid=root
/usr/bin/deallocate: euid=root
All Commands
*
example%
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error occurred.
FILES
/etc/security/exec_attr /etc/security/prof_attr /etc/user_attr /etc/security/policy.confSEE ALSO
auths(1),
pfexec(1),
roles(1),
getprofattr(3SECDB),
exec_attr(5),
policy.conf(5),
prof_attr(5),
user_attr(5),
attributes(7) January 7, 2018 PROFILES(1)