HomeSolarisSolaris securityRBAC: Solaris Role Based Access Control basics
Solaris security

RBAC: Solaris Role Based Access Control basics

Quinn McHenry
By Quinn McHenry
0
974

Solaris 8 and 9 have a powerful, integrated mechanism originally available only in trusted environments. Role based access control (RBAC) implements an authorization system based on least privilege. In this model, multiple administrative roles can be created and associated with users such that an individual has only the access necessary to perform their delegated tasks such as restarting privileged services, rebooting the system, or managing the print queue. RBAC allows finer grain control of implementing security policies. This recipe is the first of a series about RBAC and provides an introduction to its components.


RBAC Overview:
Central to Role Based Access Control is the role. A role is similar to a user in that it has a user id, a password, and even a home directory. Roles also have associations to specific tasks or capabilities assigned to them. A user that is authorized to assume a role simply switches to that role using the su command just as they would traditionally switch user to root.

RBAC configurations may seem daunting initially, but looking at some examples will help. Remember that users are assigned roles, roles are assigned profiles, and specific commands are assigned to profiles.

Configuration files:
/etc/user_attr user attributes database
This file associates users with the roles they are authorized to assume.

/etc/security/auth_attr authorization description database
Definitions of the authorizations are configured in auth_attr. An authorization in the context of RBAC grants the ability to perform some action.

/etc/security/exec_attr execution profiles database
Execution attributes defined in exec_attr are used to determine the profiles for commands run under RBAC and include the user id and effective user id that the command will run as.

/etc/security/prof_attr execution profile description database
Profiles are groupings of authorizations or security attributes that can be applied to users or roles. Profiles can simplify large-scale RBAC infrastructures but can seem to complicate simple configurations.

Previous article
Remove a virtual interface in Solaris
Next article
Change the subnet mask of an interface
Quinn McHenry
Quinn McHenry
Quinn was one of the original co-founders of Tech-Recipes. He is currently crafting iOS applications as a senior developer at Small Planet Digital in Brooklyn, New York.
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Load more

LATEST REVIEWS

Load more

Recent Comments

Techylist on Get the Scoop on How to Use Twitter Moments in Just 5 Minutes! April, 2024
techylist on Get the Scoop on How to Use Twitter Moments in Just 5 Minutes! April, 2024
Alexzander E. Aguilar on How to Insert and Remove the SIM Card in an iPhone
Glenn Thomas on How To Deploy ISPAC File & SSIS Package From Command Line
Buck on How to Turn On and Off Automatic Updates in Windows 10
Anna Sue Edwards on How to View Facebook Login History
Dante on How Do I Copy Text from a Password Protected Word Document?
Darrin on How To Stop All Friend Requests On Facebook
William McCoy on How To Change Thumbs Up on Facebook Messenger
Bazaarroom on 5 Great Tech Skills to Learn During Lockdown
Tech-Recipes

POPULAR POSTS

POPULAR CATEGORY

© Copyright Tech-Recipes.com || DMCA.com Protection Status
error: Content is protected !!