Re: RBAC and audit administration

From: Darren Moffat (Darren.Moffat@eng.sun.com)
Date: 11/16/01 

Message-Id: <200111161731.fAGHVQCn437334@jurassic.eng.sun.com>
Date: Fri, 16 Nov 2001 09:31:26 -0800 (PST)
From: Darren Moffat <Darren.Moffat@eng.sun.com>
Subject: Re: RBAC and audit administration
To: focus-sun@securityfocus.com, cruesemann@trustcenter.de

>I was playing with RBAC. For this reason I set up an account "audit" with
>the following
>entry in /etc/user_attr:
>audit::::type=normal;profiles=Audit Control,All

What is the passwd entry for the user audit ? The shell should be one
of pfsh,pfksh,pfcsh

I suspect you actually want audit to be a role rather than a normal user
so that a real person must login first and then su to audit if so change
type=normal to type=role. 

--
Darren J Moffat

Relevant Pages

  • SUMMARY: Create additional superuser
    ... A simple way (but not recommended for lack of audit) of doing it is by ... RBAC doesnt work if you want to assign special authorizations that are not ... Sudo helps you assign any authorizations ... Rbac I would say controls more system level controls, printing, ufsdumps, ...
    (SunManagers)
  • RBAC and audit administration
    ... Subject: RBAC and audit administration ... Solaris 8 via cron" problem. ... I was playing with RBAC. ...
    (Focus-SUN)
  • RBAC in NIS environment
    ... I have been asked to develope and implement a concept for RBAC with the ability to audit different roles. ... There is plenty of information on the net regarding this subject, but I haven't been able to find information regarding RBAC implementation, with the basic security module, in a NIS environment. ...
    (SunManagers)
  • Re: RBAC and audit administration
    ... Subject: RBAC and audit administration ... >What is the passwd entry for the user audit? ... The shell should be one ...
    (Focus-SUN)