Re: How do I do this?

From: Voyager (voyager_at_hackfaq.org)
Date: 04/06/04 

Date: Tue, 06 Apr 2004 01:14:58 GMT

On Fri, 19 Mar 2004 14:19:36 +0000, Casper H. S. *** wrote:

Would this be correct?

Sun Microsystems added support for Role Based Access Control (RBAC) in
Solaris 8.

The building blocks of Solaris Role Based Access Control (RBAC) are
Authorizations and Privileged Operations. Profiles are built from these
two building blocks. These Profiles may then be added to Roles.

Authorizations
~~~~~~~~~~~~~~

Authorizations are rights to perform specifically defined administration
functions. Authorizations are defined in the auth_attr file.

The `auths` command is used to print the authorizations granted to a user.

# auths voyager
solaris.audit.read

Privileged Operations
~~~~~~~~~~~~~~~~~~~~~

Privileged Operations are rights to execute specifically defined Solaris
commands. Privileged Operations are defined in the exec_attr file.

Profiles
~~~~~~~~

Groups of Authorizations and Privileged Operations are known as Profiles.
Profiles are defined in the prof_attr file.

The `profiles` command is used to print the profiles defined for a user.

# profiles voyager
Audit Management, All Commands

user_attr and policy.conf
~~~~~~~~~~~~~~~~~~~~~~~~~

Authorization, Profile, and Role assignments are stored in the user_attr
file. Authorization and Profile assignments for all users on the system
are stored in the policy.conf file.

Roles
~~~~~

Roles are special system accounts. Roles are similar to regular system
users, however roles may not log into the system. The preferred method of
assuming a role is to use the `su` command.

The `roles` command is used to print the roles defined for a user.

# roles voyager
admin

Roles are added, modified, and deleted using the `roleadd`, `rolemod` and
`roledel` commands. 

-- 
Voyager
Webmaster: http://www.hackfaq.org
Quantcast