Sun Microsystems, Inc.

Securing Legacy Applications

This section discusses how to make legacy applications more secure. To add legacy applications to the Solaris Management Console, see "Adding Tools to the Solaris Management Console" in System Administration Guide: Basic Administration.

How to Add Security Attributes to a Legacy Application

You add security attributes to a legacy application in the same way as you would for any command. You need to add the command (or its directory) to the Commands Denied column in the Commands tab of the Rights property dialog box. Then move the command to the Commands Permitted column.

How to Add Security Attributes to Commands in a Script

If a command in a script needs to have the setUID bit set to run, simply add the security attributes to that command in the same rights profile. See "How to Create or Change a Rights Profile by Using the Rights Tool".

How to Check for Authorizations in a Script or Program

To have a script check for authorizations, add a test that is based on the auths command (see the auths(1) man page). For example, the following lines test whether the user has the authorization passed as the $1 argument:

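# $1 is the authorization name to look for in the output of auths(1).
# grep -q prints nothing and only sets the exit status; quoting "$1"
# keeps the shell from splitting or expanding the argument.
if /usr/bin/auths | /usr/xpg4/bin/grep -q "$1"; then
        echo Auth granted
else
        echo Auth denied
fi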

To be more complete, the test should include logic that checks for other authorizations that use wildcards. For example, to test if the user has the solaris.admin.usermgr.write authorization, you need to check for the strings: solaris.admin.usermgr.write, solaris.admin.usermgr.*, solaris.admin.*, and solaris.*.
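
The wildcard check described above, written out as an added example that is not part of the original Sun documentation. It assumes a POSIX shell (on Solaris, /usr/xpg4/bin/sh or ksh rather than the legacy /bin/sh); the names auth_in_list, check_auth, GREP and SAMPLE_AUTHS are invented here, and the sample list is constructed.

```shell
# Added example: exact plus wildcard authorization matching.
# Assumption: POSIX shell and a grep with -F -x -q (on Solaris,
# /usr/xpg4/bin/grep, the grep the page's own test uses).
GREP=grep
[ -x /usr/xpg4/bin/grep ] && GREP=/usr/xpg4/bin/grep

# Constructed sample of comma-separated auths(1) output.
SAMPLE_AUTHS='solaris.device.cdrw,solaris.admin.usermgr.*,solaris.jobs.user'

# auth_in_list AUTH LIST
# Returns 0 if AUTH, or a wildcard that covers it, appears in LIST.
auth_in_list() {
    # One authorization per line; commas and blanks both separate entries.
    granted=$(printf '%s\n' "$2" | tr ', ' '\012\012')
    candidate=$1
    while :; do
        # -F: dots and * are literal; -x: the whole entry must match.
        if printf '%s\n' "$granted" | "$GREP" -Fxq -e "$candidate"; then
            return 0
        fi
        # Drop a trailing ".*" left over from the previous round.
        prefix=${candidate%.\*}
        case $prefix in
            *.*) prefix=${prefix%.*} ;;   # remove the last component
            *)   return 1 ;;              # top level reached, no match
        esac
        candidate="$prefix.*"             # wildcard one level up
    done
}

# check_auth AUTH: test the invoking user's authorizations.
check_auth() {
    auth_in_list "$1" "$(/usr/bin/auths)"
}
```

For solaris.admin.usermgr.write the loop tests exactly the four strings listed above, and the fixed-string, whole-entry match keeps a longer name such as solaris.admin.usermgr.writer from satisfying the test.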

If you are writing a program, use the getauthattr() function to test for the authorization.

 
 
 