System privileges allow user processes to execute specific operating system services. For example, the ability to change ownership of a file is governed by the chown privilege. (The chown privilege allows the use of the chown(S) system call that enables chown(C) to work.)
In the Account Manager, select the user name, then select Privileges from the Users menu.
To change privileges assigned, deselect the Use system default privileges for this user account button. This allows you to assign a set of privileges specific to this account.
To add a privilege, select an entry in the ``Not allowed'' column and click on the Add button.
To remove a privilege, select an entry in the ``Allowed'' column and click on the Remove button.
To change the privileges assigned by default, use this command:
usermod -D -x "{privs {list}}"
where list is one or more privileges separated by spaces.
You can change the value for an individual user with the usermod(ADM) command by omitting the -D option and appending the user name to the above command.
System privileges
Privilege | Allows user processes to |
---|---|
configaudit | configure audit subsystem parameters |
writeaudit | write audit records to the audit trail |
execsuid | run set-UID programs |
chmodsugid | set the set-UID and set-GID bits on files |
chown | change the owner of an object |
suspendaudit | suspend operating system auditing of the process |
Under the Low and Traditional security profiles, most system privileges are assigned by default and should not require modification. Under the High security profile, chmodsugid is not assigned by default. Most users require only execsuid to perform routine tasks. If the user needs to create files with the SUID or SGID bits, they must have chmodsugid. To change ownership of a file (``give it away''), the chown privilege is required. If a user does not have this privilege, ownership of files can only be changed by root. The audit privileges (configaudit, writeaudit, and suspendaudit) should never be assigned to anyone other than the audit administrator. They are intended for use by a program designed to run as a trusted application.
If you are operating with the High and Improved security profiles, you must assign certain system privileges when you assign subsystem authorizations. Although most of these are already assigned by default, they are listed in ``Subsystem privilege requirements'' in case you modify the defaults. One exception is the audit subsystem, which requires the addition of the configaudit and suspendaudit privileges. These privileges should never be assigned by default, or to ordinary users.
Subsystem privilege requirements
Subsystem authorization | Privilege required |
---|---|
audit | configaudit, execsuid, writeaudit |
auth | execsuid, chown |
backup | execsuid |
lp | chown |
cron | chmodsugid, chown, execsuid |
sysadmin | chmodsugid, chown, execsuid |
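
The check below is an added example, not part of the original documentation: it uses the ``Subsystem privilege requirements'' table to find privileges an account is missing for its subsystem authorizations, and lists any audit privileges the account holds so they can be reviewed against the rule that only the audit administrator should have them. The function names and the sample accounts are constructed for illustration. The script only prints a usermod command in the per-user form described above and assumes the list given is the complete set for the account.

```shell
# Added example; function names and sample accounts are hypothetical.
# privs_for_auth AUTH: privileges the page's table lists for one authorization.
privs_for_auth() {
    case "$1" in
        audit)         echo "configaudit execsuid writeaudit" ;;
        auth)          echo "execsuid chown" ;;
        backup)        echo "execsuid" ;;
        lp)            echo "chown" ;;
        cron|sysadmin) echo "chmodsugid chown execsuid" ;;
        *)             return 1 ;;
    esac
}
# required_privs AUTH...: sorted, de-duplicated union for several authorizations.
required_privs() {
    all=""
    for a in "$@"; do
        p=$(privs_for_auth "$a") || { echo "unknown authorization: $a" >&2; return 1; }
        all="$all $p"
    done
    echo $all | tr ' ' '\n' | sort -u | tr '\n' ' ' | sed 's/ $//'
}
# missing_privs "ASSIGNED" AUTH...: required privileges absent from the assigned list.
missing_privs() {
    assigned=" $1 "; shift
    req=$(required_privs "$@") || return 1
    out=""
    for p in $req; do
        case "$assigned" in *" $p "*) ;; *) out="$out $p" ;; esac
    done
    echo $out
}
# audit_privs_in "PRIVS": audit privileges present in a privilege list.
audit_privs_in() {
    echo "$1" | tr ' ' '\n' | grep -E '^(configaudit|writeaudit|suspendaudit)$' | tr '\n' ' ' | sed 's/ $//'
}
# usermod_cmd USER "PRIVS": print (never run) the per-user command form from this page.
usermod_cmd() { printf 'usermod -x "{privs {%s}}" %s\n' "$2" "$1"; }

# Constructed sample rows: user|assigned privileges|subsystem authorizations
while IFS='|' read -r user privs auths; do
    miss=$(missing_privs "$privs" $auths)
    [ -z "$miss" ] || usermod_cmd "$user" "$privs $miss"
    bad=$(audit_privs_in "$privs")
    [ -z "$bad" ] || echo "$user: holds audit privileges: $bad"
done <<'EOF'
alice|execsuid chown|cron lp
bob|execsuid chown writeaudit|backup
EOF
```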