RBAC: Solaris Role Based Access Control basics


From the computer of: qmchenry (338 recipes)
Created: Oct 03, 2003     Updated: Oct 04, 2003



Solaris 8 and 9 have a powerful, integrated mechanism originally available only in trusted environments. Role based access control (RBAC) implements an authorization system based on least privilege. In this model, multiple administrative roles can be created and associated with users so that an individual has only the access necessary to perform their delegated tasks, such as restarting privileged services, rebooting the system, or managing the print queue. RBAC allows finer-grained control when implementing security policies. This recipe is the first of a series about RBAC and provides an introduction to its components.

RBAC Overview:
Central to Role Based Access Control is the role. A role is similar to a user in that it has a user id, a password, and even a home directory. Roles also have associations to specific tasks or capabilities assigned to them. A user that is authorized to assume a role simply switches to that role using the su command just as they would traditionally switch user to root.

RBAC configurations may seem daunting initially, but looking at some examples will help. Remember that users are assigned roles, roles are assigned profiles, and specific commands are assigned to profiles.

Configuration files:
/etc/user_attr user attributes database
This file associates users with the roles they are authorized to assume.

/etc/security/auth_attr authorization description database
Definitions of the authorizations are configured in auth_attr. An authorization in the context of RBAC grants the ability to perform some action.

/etc/security/exec_attr execution profiles database
Execution attributes defined in exec_attr tie commands to the profiles they belong to and specify the user id and effective user id that each command will run as under RBAC.

/etc/security/prof_attr execution profile description database
Profiles are groupings of authorizations or security attributes that can be applied to users or roles. Profiles can simplify large-scale RBAC infrastructures but can seem to complicate simple configurations.
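
The chain described above (users are assigned roles, roles are assigned profiles, commands are assigned to profiles) can be audited by resolving it from user_attr and exec_attr. The following Python sketch is an added example, not part of the original recipe; the accounts, the sample file contents and the helper names are constructed for illustration, and prof_attr and auth_attr are left out because they are not needed to resolve commands.

```python
# Constructed sample data in the colon-separated formats of the two files;
# the accounts and entries are illustrative, not taken from a real host.
USER_ATTR = """\
# user:qualifier:res1:res2:attr
jdoe::::type=normal;roles=printadm
printadm::::type=role;profiles=Printer Management
asmith::::type=normal
"""
EXEC_ATTR = """\
# profile:policy:type:res1:res2:id:attr
Printer Management:suser:cmd:::/usr/sbin/lpadmin:euid=lp
Printer Management:suser:cmd:::/usr/bin/cancel:euid=0
"""

def parse_attrs(field):
    """Turn 'k1=v1,v2;k2=v3' into {'k1': ['v1', 'v2'], 'k2': ['v3']}."""
    out = {}
    for pair in filter(None, field.split(";")):
        key, _, value = pair.partition("=")
        out[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return out

def records(text, nfields):
    """Yield the split fields of each non-comment, non-blank line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split(":", nfields - 1)

def effective_commands(user):
    """Resolve user -> roles -> profiles -> commands (hypothetical helper)."""
    users = {f[0]: parse_attrs(f[4]) for f in records(USER_ATTR, 5)}
    result = []
    for role in users.get(user, {}).get("roles", []):
        role_attrs = users.get(role, {})
        if role_attrs.get("type") != ["role"]:
            continue  # roles= must name an account declared with type=role
        for prof in role_attrs.get("profiles", []):
            for f in records(EXEC_ATTR, 7):
                if f[0] == prof and f[2] == "cmd":
                    result.append((role, prof, f[5], parse_attrs(f[6])))
    return result

def runs_as_root(user):
    """Commands reachable by the user that execute with uid or euid 0/root."""
    return [cmd for _, _, cmd, a in effective_commands(user)
            if set(a.get("uid", []) + a.get("euid", [])) & {"0", "root"}]
```

Running runs_as_root over every account in user_attr gives a quick list of delegated commands that still execute with root's identity, which is where a least-privilege review should start.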

Additional RBAC recipes including examples will come soon.
