All of these files use the following delimiters:
Colon. Used as a field separator within the file. For example, a line could look like this:
Fruit:Vegetables:Meats:Breads
Semicolon. Used to separate key-value pairs within the file. We could separate apples and lemons like so:
apples=red;lemons=yellow
Comma. Used to separate an ordered list within the file:
lions,tigers,bears
Period. Allows you to construct highly granular authorizations:
solaris.system.date
solaris.system.shutdown
This lets you associate one set of commands with setting the system date and another set of commands with shutting down the system.
To set up role-based access control, you add the role to user_attr, create the entries in auth_attr and/or prof_attr, and then place the commands that the user will run into exec_attr. You can use the built-in schemes defined in the auth_attr and prof_attr files, or you can add your own to these files. The policy.conf file sets a system-wide default that applies to any user logging on to the system: any authorization or profile you add to policy.conf is immediately available to every user who logs on.
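The four delimiters described above, applied to one entry in the style of a user_attr line. This is an added example, not code from the original page or from Solaris; the role name `dateadm`, the field layout, the attribute keys and the authorization `solaris.systemx.demo` are constructed for illustration.

```python
# Constructed sample entry in the style of a user_attr line. The role name,
# the number of fields and the attribute keys are assumptions for illustration.
SAMPLE = ("dateadm::::type=role;"
          "auths=solaris.system.date,solaris.system.shutdown,solaris.systemx.demo")


def parse_entry(line):
    """Split one line with the colon, semicolon and comma delimiters."""
    fields = line.strip().split(":")            # colon: field separator
    attrs = {}
    for pair in fields[-1].split(";"):          # semicolon: key=value pairs
        if not pair:
            continue                            # tolerate a trailing ';'
        key, sep, value = pair.partition("=")
        if not sep or not key:
            raise ValueError(f"malformed key=value pair: {pair!r}")
        attrs[key] = value.split(",")           # comma: ordered list
    return fields[:-1], attrs


def auths_under(auths, parent):
    """Return the authorizations that sit below `parent` in the dotted hierarchy.

    Names are compared level by level, so 'solaris.systemx.demo' is not
    counted under 'solaris.system' the way a string-prefix test would count it.
    """
    want = parent.split(".")                    # period: hierarchy levels
    found = []
    for auth in auths:
        parts = auth.split(".")
        if len(parts) > len(want) and parts[:len(want)] == want:
            found.append(auth)
    return found


if __name__ == "__main__":
    fields, attrs = parse_entry(SAMPLE)
    print("fields:", fields)
    print("attrs :", attrs)
    print("under solaris.system:", auths_under(attrs["auths"], "solaris.system"))
```

Listing a role's authorizations by parent in this way is a quick audit of how much of a given area, such as system date and shutdown, the role can reach.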