--- smf_security.5.orig	Thu Mar 15 12:21:20 2007
+++ smf_security.5	Wed Apr 11 09:06:05 2007
@@ -24,11 +24,11 @@
 
      solaris.smf.modify  Authorized to  add,  delete,  or  modify
                          services,  service  instances,  or their
-                         properties.
+                         properties, and to read protected
+                         property values.
 
 
 
-
   Property Group Authorizations
      The smf(5)  configuration  subsystem  associates  properties
      with  each  service and service instance. Related properties
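Review bot: The removed blank line just before "Property Group Authorizations" is an unrelated whitespace change in this hunk; the surrounding entries keep three blank lines between them, so dropping one here makes the spacing inconsistent with the rest of the formatted page. Suggest leaving that line alone so the hunk contains only the wording change to solaris.smf.modify.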
@@ -79,8 +79,9 @@
 
 
 
-     solaris.smf.modify.application  Authorized to change  values
-                                     or create, delete, or modify
+     solaris.smf.modify.application  Authorized to change values,
+                                     read protected values, and
+                                     create, delete, or modify
                                      a  property  group  of  type
                                      application.
 
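Review bot: The phrase "read protected values" here differs from "read protected property values" used for solaris.smf.modify in the first hunk and in the later hunk at line 99; the two describe the same right, so use the same wording. Suggest "read protected property values, and" so readers do not wonder whether a different class of values is meant.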
@@ -98,7 +99,8 @@
      solaris.smf.modify              Authorized to  add,  delete,
                                      or  modify services, service
                                      instances, or their  proper-
-                                     ties.
+                                     ties, and to read protected
+                                     property values.
 
 
 
@@ -110,7 +112,9 @@
 
      modify_authorization  Authorizations  allow  the   addition,
                            deletion,  or  modification of proper-
-                           ties within the property group.
+                           ties within the property group, and
+                           the retrieval of property values from
+                           the property group if protected.
 
 
 
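Review bot: "the retrieval of property values from the property group if protected" leaves it ambiguous whether "if protected" qualifies the property group or the individual values, and a reader cannot tell from this entry what makes a group protected. Suggest "the retrieval of property values from the property group when the group is protected (see Protected Property Groups below)", matching the cross-reference used in the read_authorization entry.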
@@ -117,15 +121,30 @@
 
      value_authorization   Authorizations  allow   changing   the
                            values of any property of the property
-                           group except modify_authorization.
+                           group except modify_authorization, and
+                           the retrieval of any property values
+                           except modify_authorization from the
+                           property group if protected.
 
 
 
 
+     read_authorization    Authorizations  allow  the   retrieval
+                           of property values within the property
+                           group.  The presence of a string-
+                           valued property with this name
+                           identifies the containing property
+                           group as protected.  This property has
+                           no effect on property groups of types
+                           other than application.  See Protected
+                           Property Groups below.
 
 
 
 
+
+
+
 SunOS 5.11            Last change: 2 Dec 04                     2
 
 
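Review bot: The new read_authorization entry states the property "has no effect on property groups of types other than application", but the Protected Property Groups section added later in this patch says groups "of non-framework types" may be protected; one of the two is wrong, and the page should say the same thing in both places. Also, the footer still reads "Last change: 2 Dec 04" although this patch adds a new property and a new section; the date should be updated along with the content.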
@@ -144,7 +163,27 @@
      values are used.
 
 
+  Protected Property Groups
+     Normally, all property values in the repository may be
+     read by any user without explicit authorization.  However,
+     property groups of non-frameowrk types may be used to store
+     properties with values that require protection ; that is, they
+     must not be revealed except upon proper authorization.  A
+     property group's status as protected is indicated by the
+     presence of a string-valued read_authorization property.  If
+     this property is present, the values of all properties in
+     the property group will be
+     retrievable only as described in Property Group
+     Authorizations above.
 
+     Administrative domains with policies that prohibit backup
+     of data considered sensitive should exclude the SMF repository
+     databases from their backups.  In the face of such a policy,
+     non-protected property values can be backed up by using the
+     svccfg(1M) archive command to create an archive of the
+     repository without protected property values.
+
+
   Service Action Authorization
      Certain actions on service instances may result  in  service
      interruption  or  deactivation.  These  actions  require  an
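Review bot: Typos and spacing in the new section: "non-frameowrk" should be "non-framework", "protection ; that is" has a stray space before the semicolon, and the lines "the property group will be / retrievable only as described in Property Group / Authorizations above." are wrapped far short of the page width and should be refilled like the rest of the page. The type restriction here ("non-framework types") also conflicts with the read_authorization entry earlier in the patch, which limits the effect to type application; pick one. Finally, the backup paragraph relies on the svccfg(1M) archive command producing an archive "without protected property values"; that behaviour should be documented in svccfg(1M) as well, and this page should say whether it is the default or requires an option, since as written an administrator cannot tell.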
