SMF_SECURITY(7)      Standards, Environments, and Macros     SMF_SECURITY(7)
NAME
       smf_security - service management facility security behavior

DESCRIPTION
       The configuration subsystem for the service management facility,
       smf(7), requires privilege to modify the configuration of a service.
       Privileges are granted to a user by associating the authorizations
       described below to the user through user_attr(5) and prof_attr(5).
       See rbac(7).

       The following authorization is used to manipulate services and
       service instances.

       solaris.smf.modify
               Authorized to add, delete, or modify services, service
               instances, or their properties, and to read protected
               property values.
   Property Group Authorizations
       The smf(7) configuration subsystem associates properties with each
       service and service instance. Related properties are grouped. Groups
       can represent an execution method, credential information,
       application data, or restarter state. The ability to create or modify
       property groups can cause smf(7) components to perform actions that
       can require operating system privilege. Accordingly, the framework
       requires appropriate authorization to manipulate property groups.

       Each property group has a type corresponding to its purpose. The core
       property group types are method, dependency, application, and
       framework. Additional property group types can be introduced,
       provided they conform to the extended naming convention in smf(7).
       The following basic authorizations, however, apply only to the core
       property group types:

       solaris.smf.modify.method
               Authorized to change values or create, delete, or modify a
               property group of type method.

       solaris.smf.modify.dependency
               Authorized to change values or create, delete, or modify a
               property group of type dependency.

       solaris.smf.modify.application
               Authorized to change values, read protected values, and
               create, delete, or modify a property group of type
               application.

       solaris.smf.modify.framework
               Authorized to change values or create, delete, or modify a
               property group of type framework.

       solaris.smf.modify
               Authorized to add, delete, or modify services, service
               instances, or their properties, and to read protected
               property values.
       Property group-specific authorization can be specified by properties
       contained in the property group.

       modify_authorization
               Authorizations allow the addition, deletion, or modification
               of properties within the property group, and the retrieval
               of property values from the property group if protected.

       value_authorization
               Authorizations allow changing the values of any property of
               the property group except modify_authorization, and the
               retrieval of any property values except modify_authorization
               from the property group if protected.

       read_authorization
               Authorizations allow the retrieval of property values within
               the property group. The presence of a string-valued property
               with this name identifies the containing property group as
               protected. This property has no effect on property groups of
               types other than application. See Protected Property Groups.

       The above authorization properties are only used if they have type
       astring. If an instance property group does not have one of the
       properties, but the instance's service has a property group of the
       same name with the property, its values are used.
   Protected Property Groups
       Normally, all property values in the repository can be read by any
       user without explicit authorization. Property groups of non-framework
       types can be used to store properties with values that require
       protection. They must not be revealed except upon proper
       authorization. A property group's status as protected is indicated by
       the presence of a string-valued read_authorization property. If this
       property is present, the values of all properties in the property
       group are retrievable only as described in Property Group
       Authorizations.

       Administrative domains with policies that prohibit backup of data
       considered sensitive should exclude the SMF repository databases from
       their backups. In the face of such a policy, non-protected property
       values can be backed up by using the svccfg(8) archive command to
       create an archive of the repository without protected property
       values.
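       The authorization rules of the two sections above, modelled in
       Python as an added example. This is not Solaris/illumos code (the
       repository daemon performs the real checks); the PropertyGroup type,
       the can_read/can_set_value/can_modify functions and the site
       authorization names solaris.smf.read.myapp and solaris.smf.value.myapp
       are assumptions made for the illustration.

```python
# Model of the smf_security(7) property group authorization rules. Added
# illustration, not Solaris/illumos code (the repository daemon does the real
# checks); "solaris.smf.read.myapp" and "solaris.smf.value.myapp" are hypothetical.
from collections import namedtuple

CORE_TYPES = {"method", "dependency", "application", "framework"}
PropertyGroup = namedtuple("PropertyGroup", "name pg_type props")  # props: name -> (type, [values])

def _auth_values(pg, prop, service_pg=None):
    """Values of an authorization property; only type astring counts, and an
    instance PG lacking the property inherits the service PG of the same name."""
    for candidate in (pg, service_pg):
        if candidate is not None and prop in candidate.props:
            ptype, values = candidate.props[prop]
            return set(values) if ptype == "astring" else set()
    return set()

def is_protected(pg, service_pg=None):
    """A string-valued read_authorization marks a PG protected (application type only)."""
    return pg.pg_type == "application" and bool(_auth_values(pg, "read_authorization", service_pg))

def can_modify(auths, pg, service_pg=None):
    """Add, delete or modify properties in the PG (modify_authorization included)."""
    if "solaris.smf.modify" in auths or (
            pg.pg_type in CORE_TYPES and f"solaris.smf.modify.{pg.pg_type}" in auths):
        return True
    return bool(auths & _auth_values(pg, "modify_authorization", service_pg))

def can_set_value(auths, pg, prop, service_pg=None):
    """Change one value; value_authorization never covers modify_authorization."""
    return can_modify(auths, pg, service_pg) or (prop != "modify_authorization"
        and bool(auths & _auth_values(pg, "value_authorization", service_pg)))

def can_read(auths, pg, prop, service_pg=None):
    """Read one value: unrestricted unless the PG is protected; any authorization
    that may change a value may also read it, and read_authorization reads all."""
    if not is_protected(pg, service_pg) or can_set_value(auths, pg, prop, service_pg):
        return True
    return bool(auths & _auth_values(pg, "read_authorization", service_pg))

def demo():
    """Constructed protected 'config' PG: Service Operator profile vs. a site reader."""
    pg = PropertyGroup("config", "application", {
        "read_authorization": ("astring", ["solaris.smf.read.myapp"]),
        "value_authorization": ("astring", ["solaris.smf.value.myapp"]),
        "db_password": ("astring", ["constructed-secret"])})
    operator = {"solaris.smf.manage", "solaris.smf.modify.framework"}
    reader = {"solaris.smf.read.myapp"}
    return (can_read(operator, pg, "db_password"), can_read(reader, pg, "db_password"),
            can_set_value(reader, pg, "db_password"))  # (False, True, False)
```

       The demo shows that the Service Operator profile, despite
       solaris.smf.modify.framework, cannot read a protected application
       property group, while a site read authorization can read but not
       change it.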
   Service Action Authorization
       Certain actions on service instances can result in service
       interruption or deactivation. These actions require an authorization
       to ensure that any denial of service is a deliberate administrative
       action. Such actions include a request for execution of the refresh
       or restart methods, or placement of a service instance in the
       maintenance or other non-operational state. The following
       authorization allows such actions to be requested:

       solaris.smf.manage
               Authorized to request restart, refresh, or other state
               modification of any service instance.

       In addition, the general/action_authorization property can specify
       additional authorizations that permit service actions to be requested
       for that service instance. The solaris.smf.manage authorization is
       required to modify this property.
   Defined Rights Profiles
       Two rights profiles are included that offer grouped authorizations
       for manipulating typical smf(7) operations.

       Service Management
               A service manager can manipulate any service in the
               repository in any way. It corresponds to the
               solaris.smf.manage and solaris.smf.modify authorizations.

       Service Operator
               A service operator has the ability to enable or disable any
               service instance on the system, as well as request that its
               restart or refresh method be executed. It corresponds to the
               solaris.smf.manage and solaris.smf.modify.framework
               authorizations.

       Sites can define additional rights profiles customized to their
       needs.

   Remote Repository Modification
       Remote repository servers can deny modification attempts due to
       additional privilege checks. See NOTES.
SEE ALSO
       auths(1), profiles(1), prof_attr(5), user_attr(5), rbac(7), smf(7),
       svccfg(8)

NOTES
       The present version of smf(7) does not support remote repositories.

       When a service is configured to be started as root but with
       privileges different from limit_privileges, the resulting process is
       privilege aware. This can be surprising to developers who expect
       seteuid(<non-zero UID>) to reduce privileges to basic or less.
                                May 13, 2017                 SMF_SECURITY(7)