Assigning user powers

The administrator has the option of granting (or restricting) special powers:

• Assigning subsystem authorizations -- the ability to run administrative programs

• Changing system privileges -- to set privileges on user processes

• Allowing users to skip login messages

• Allowing users to execute superuser commands -- to run utilities otherwise only executable by root

• Controlling the use of job scheduling commands -- to schedule jobs with cron(C), at(C), and batch(C)

The Low and Traditional security profiles assign most of the capabilities described here by default and it should not be necessary to change them. With the High (C2) security profiles, few are assigned by default; most privileges are intended for users entrusted with system administration.