PROFILES(1) User Commands PROFILES(1)


NAME


profiles - print execution profiles for a user

SYNOPSIS


profiles [-l] [ user ]...


DESCRIPTION


The profiles command prints on standard output the names of the execution
profiles that have been assigned to you or to the optionally-specified
user or role name. Profiles are a bundling mechanism used to enumerate
the commands and authorizations needed to perform a specific function.
Along with each listed executable are the process attributes, such as the
effective user and group IDs, with which the process runs when started by
a privileged command interpreter. The profile shells are pfcsh, pfksh,
and pfexec. See the pfexec(1) man page. Profiles can contain other
profiles defined in prof_attr(4).


Multiple profiles can be combined to construct the appropriate access
control. When profiles are assigned, the authorizations are added to the
existing set. If the same command appears in multiple profiles, the
first occurrence, as determined by the ordering of the profiles, is used
for process-attribute settings. For convenience, a wild card can be
specified to match all commands.


When profiles are interpreted, the profile list is loaded from
user_attr(4). If any default profile is defined in
/etc/security/policy.conf (see policy.conf(4)), the list of default
profiles are added to the list loaded from user_attr(4). Matching entries
in prof_attr(4) provide the authorizations list, and matching entries in
exec_attr(4) provide the commands list.

OPTIONS


The following options are supported:

-l
Lists the commands in each profile followed by the special process
attributes such as user and group IDs.


EXAMPLES


Example 1: Sample Output




The output of the profiles command has the following form:


example% profiles tester01 tester02
tester01 : Audit Management, All Commands
tester02 : Device Management, All Commands
example%


Example 2: Using the list Option



example% profiles -l tester01 tester02
tester01 :
Audit Management:
/usr/sbin/audit euid=root
/usr/sbin/auditconfig euid=root egid=sys
All Commands:
*
tester02 :
Device Management:
/usr/bin/allocate: euid=root
/usr/bin/deallocate: euid=root
All Commands
*
example%


EXIT STATUS


The following exit values are returned:

0
Successful completion.


1
An error occurred.


FILES


/etc/security/exec_attr


/etc/security/prof_attr


/etc/user_attr


/etc/security/policy.conf

SEE ALSO


auths(1), pfexec(1), roles(1), getprofattr(3SECDB), exec_attr(4),
policy.conf(4), prof_attr(4), user_attr(4), attributes(5)


January 7, 2018 PROFILES(1)