|
The profiles command prints on standard output
the names of the execution profiles that have been assigned to you or to
the optionally-specified user or role name. Profiles are a bundling mechanism
used to enumerate the commands and authorizations needed to peform a specific
function. Along with each listed executable are the process attributes,
such as the effective user and group IDs, with which
the process runs when started by a privileged command interpreter. The profile
shells are pfcsh, pfksh, and pfexec. See the pfexec(1) man
page. Profiles can contain other profiles defined in prof_attr(4).
Multiple profiles can be combined to construct the appropriate access
control. When profiles are assigned, the authorizations are added to the
existing set. If the same command appears in multiple profiles, the first
occurrence, as determined by the ordering of the profiles, is used for process-attribute
settings. For convenience, a wild card can be specified to match all commands.
When profiles are interpreted, the profile list is loaded from user_attr(4).
If any default profile is defined in /etc/security/policy.conf (see policy.conf(4)),
the list of default profiles will be added to the list loaded from user_attr(4).
Matching entries in prof_attr(4)
provide the authorizations list, and matching entries in exec_attr(4) provide the commands list.
|