User level changes, Solaris file permissions, Disabling secure name service databases – Xerox 4590 EPS-10912 User Manual
Page 15
Security Guide
9
User level changes
The following user-level changes are made:
•
all users for at, cron, and batch are disallowed
•
nuucp account is disabled
•
listen account is disabled
•
password entry locked for bin, sys, adm, uucp, nobody,
noaccess, nobody4, and anonymous
Solaris file permissions
Secure File Permission options can be enabled or disabled
through the DocuSP interface. Fix-modes include:
•
fixmodes-xerox: fix file permissions for all packages to
make them more secure. Available under the System tab
under the “Secure File Permissions” drop-down menu.
•
fixmodes-solaris: fix file permissions only for Solaris
packages to make them more secure. Available under the
System tab under the “Secure File Permissions” drop-
down menu.
The fix-modes utility (from the Solaris Security Toolkit) adjusts
group and world write permissions. It is run with the '-s' option to
secure file permissions for Solaris files that were created at install
time only. Customer-generated files are not affected.
NOTE: When this command is run, a file called /var/sadm/install/
content.mods is left. Do not delete this file. It contains valuable
information needed by fix modes to revert the changes to the
system file permissions if the security setting is changed back to
medium.
Disabling secure name service databases
The following databases are disabled when security is invoked:
•
passwd(4)
•
group(4)
•
exec_attr(4)
•
prof_attr(4)
•
ser_attr(4)