You might need to add new authorizations to be used by a new
command, a modified command, a new smf(5) manifest, or a modified
smf(5) manifest. See auth_attr(4) and /etc/security/auth_attr.
Review the existing authorizations to determine if there is
already a hierarchy into which this authorization would fall.
Determine the authorization name within this hiearchy.
If there is no existing category, create a category.
For example solaris.foo. and solaris.foo.bar.
for the solaris.foo.bar.baz authorization.
modify $SRC/lib/libsecdb/auth_attr.txt
Create a simple HTML help file in $SRC/lib/libsecdb/help/auths.
Update the Makefile. Use an existing help file for the HTML
syntax and describe help for the profile that you've just
created.
Update the help file packages SUNWcsu, SUNW0on.
in SUNWcsu/prototype_com
f none usr/lib/help/auths/locale/C/<authhelp>.html 444 root bin
in SUNW0on/prototype_com
f none usr/lib/help/auths/locale/<authhelp>.html 444 root bin
N.B. The difference between the paths ("C" -vs- none).
If authorizations are to be added to an existing Rights Profile,
modify the $SRC/lib/libsecdb/prof_attr.txt line for the
existing profile with the addition of the authorization to the
attribute field auths= keyword.
Be aware that other gates may also deliver prof_attr entries.
In the admin gate profiles are in
.../src/bundled/app/drm/rbac/security/prof_attr
.../src/bundled/app/wbem/solaris/rbac/security/prof_attr
.../src/bundled/app/webmgt/webconsole/conf/prof_attr
The the CDE gate profiles are in
.../cdesrc/cde1/rbac/security/prof_attr
If a new Rights Profile is needed, follow the directions for
creating and delivering a new Rights Profile (without adding
commands to exec_attr).