You administer an Oracle Solaris 11 server with multiple zones. You want to configure it so that all nonprivileged users in the global zone see only their own process.
What must you do to make the change?
A. Modify the LIMITPRIV variable in the /etc/usr/user_attr file.
B. Modify the basic privilege set in the /etc/security/policy.conf file.
C. Configure the priv= attribute in the /etc/security/prof_attr.d/core-os file.
D. Configure privileges for the ps command in the /etc/security/exec_attr.d/core-os file.
Correct Answer: B
Explanation:
* policy.conf
policy.conf: configuration file for security policy.
The policy.conf file provides the security policy configuration for user-level attributes.
* Example: Modifying Every User’s Basic Privilege Set
In this example, the security administrator of a large Sun Ray installation does not want regular users to view the processes of other Sun Ray users.
Therefore, on every system that is configured with Trusted Extensions, the root role removes proc_info from the basic set of privileges. The PRIV_DEFAULT setting in the /etc/security/policy.conf file is uncommented and modified as follows:
PRIV_DEFAULT=basic,!proc_info
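An added audit sketch for the setting described above (not code from the original page or from Oracle): it reads the active PRIV_DEFAULT line from a policy.conf file and lists user_attr entries whose own defaultpriv= value still grants proc_info. The file layouts, the fallback to basic when no active line exists, the rule that a per-user defaultpriv takes precedence over PRIV_DEFAULT, and the sample users are assumptions made for the example.

```shell
#!/bin/sh
# Added audit example: does a default privilege set still grant proc_info?

# Exit 0 if the comma-separated privilege spec in $1 still grants proc_info.
grants_proc_info() {
    printf '%s\n' "$1" | awk -F, '{
        for (i = 1; i <= NF; i++) {
            if ($i == "!proc_info") dropped = 1
            if ($i ~ /^(basic|all|zone|proc_info)$/) has = 1
        }
        exit !(has && !dropped)
    }'
}

# Print the active PRIV_DEFAULT from policy.conf ($1); commented lines are
# ignored, and "basic" is assumed when no active line exists.
active_priv_default() {
    awk '/^PRIV_DEFAULT=/ { sub(/^PRIV_DEFAULT=/, ""); v = $0 }
         END { print (v == "" ? "basic" : v) }' "$1"
}

# Print users in user_attr ($1) whose own defaultpriv= still grants proc_info.
# Assumed layout: user:qualifier:res1:res2:key=value;key=value
users_keeping_proc_info() {
    awk -F: '!/^#/ && NF >= 5 {
        n = split($5, kv, ";")
        for (i = 1; i <= n; i++)
            if (sub(/^defaultpriv=/, "", kv[i])) print $1, kv[i]
    }' "$1" | while read -r user spec; do
        if grants_proc_info "$spec"; then echo "$user"; fi
    done
}

# Constructed sample files (not taken from a real host).
write_samples() {
    printf '%s\n' '#PRIV_DEFAULT=basic' 'PRIV_DEFAULT=basic,!proc_info' > "$1/policy.conf"
    printf '%s\n' 'alice::::defaultpriv=basic,!proc_info' \
        'bob::::defaultpriv=basic,dtrace_user' \
        'carol::::profiles=Basic Solaris User' > "$1/user_attr"
}

tmp=$(mktemp -d) && write_samples "$tmp"
echo "PRIV_DEFAULT in effect: $(active_priv_default "$tmp/policy.conf")"
echo "Per-user overrides that keep proc_info: $(users_keeping_proc_info "$tmp/user_attr")"
rm -rf "$tmp"
```

On a real host, pass the functions the system's own policy.conf and user_attr files instead of the constructed samples.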
OK, got what was meant with this – when you have a newly installed system without any users, then setting/limiting the basic privilege set in /etc/security/policy.conf would work for all users created afterwards. To modify any existing users you would need to do:
usermod -K 'defaultpriv=basic,!proc_info' somusr
Tested on Solaris 11.3 – you would not be able to limit process listing for any user in this way!!! Part of it is due to the user having list/view rights for particular files under the /proc filesystem. So nothing would forbid them to copy a local ps binary and view anything they like, even if you mangle the existing ps to limit the visibility!