Re: How do I do this?

From: Voyager (
Date: 04/06/04

Date: Tue, 06 Apr 2004 01:14:58 GMT

On Fri, 19 Mar 2004 14:19:36 +0000, Casper H. S. Dik wrote:

Would this be correct?

Sun Microsystems added support for Role Based Access Control (RBAC) in
Solaris 8.

The building blocks of Solaris Role Based Access Control (RBAC) are
Authorizations and Privileged Operations. Profiles are built from these
two building blocks. These Profiles may then be added to Roles.


Authorizations are rights to perform specifically defined administration
functions. Authorizations are defined in the auth_attr file.

The `auths` command is used to print the authorizations granted to a user.

# auths voyager

Privileged Operations

Privileged Operations are rights to execute specifically defined Solaris
commands. Privileged Operations are defined in the exec_attr file.


Groups of Authorizations and Privileged Operations are known as Profiles.
Profiles are defined in the prof_attr file.

The `profiles` command is used to print the profiles defined for a user.

# profiles voyager
Audit Management, All Commands

user_attr and policy.conf

Authorization, Profile, and Role assignments are stored in the user_attr
file. Authorization and Profile assignments for all users on the system
are stored in the policy.conf file.


Roles are special system accounts. Roles are similar to regular system
users, however roles may not log into the system. The preferred method of
assuming a role is to use the `su` command.

The `roles` command is used to print the roles defined for a user.

# roles voyager

Roles are added, modified, and deleted using the `roleadd`, `rolemod` and
`roledel` commands.


Relevant Pages

  • Re: (mis)using RBAC...
    ... Jonathan Katz wrote: ... is this a normal practice (are there other people ... This is why many organizations prefer to assign authorizations ... and rights profiles to Solaris roles. ...
  • Re: Locked "Documents and settings" folder
    ... Given that I can boot in safe mode with command ... drive, for the one of the two profiles he has created. ... >> Have you tried safe mode with command prompt? ...
  • Re: Errors copying Default User files to new user
    ... > I tried with xcopy, as you suggested, but the problem did not occur. ... > I also tried the oh command (though on "default" as the file isn't ... that generates new profiles. ... If Safe Mode works then you have some process that locks ...
  • Re: Lost all user Profiles at Log in
    ... If it lists several profiles, append a profile name to the previous command and see if the Local Group Memberships line is empty that explains why it can't be found, it needs to be added to the group Users as follows ... I am leaning towards the destructive restore, but I really don't want to do this... ... Try running System Restore from a Command Prompt from within Safe Mode. ...
  • Re: More n00b problems - compiling
    ... I've got a couple of dozen GCCs ... The command used to access the profiles is gcc-config, ...