How do you assign multiple roles in RBAC?


 
Thread Tools Search this Thread
Operating Systems Solaris How do you assign multiple roles in RBAC?
# 1  
Old 08-07-2017
How do you assign multiple roles in RBAC?

Oracle Solaris 10 9/10 s10s_u9wos_14a SPARC

Hi, just starting with RBAC. I have managed to create a test user with assigned roles:

Code:
Basic Actions
Basic Solaris User

I also did
Code:
roleadd -d /export/home/userrole -m userrole

but when I did
Code:
rolemod -P "Basic Actions" userrole
rolemod -P "Basic Solaris User" userrole

I'm not sure if its cumulative or not. one thing for sure is the test user cannot make a directory nor remove one, so I did this
Code:
rolemod -P "File System Management" userrole

and tested. still the user cannot create nor remove directories.

So if I'm going to create a basic role for a regular user, how to go about doing it?

---------- Post updated at 04:43 PM ---------- Previous update was at 04:17 PM ----------

correction:

the test user is able to create and delete directories. the home directory of the test users was under the ownership of root that is why. after changing the ownership of the home directory, test user able to create and delete directories.

still the question remains, how to assign multiple roles in /etc/user_attr file?

---------- Post updated at 04:59 PM ---------- Previous update was at 04:43 PM ----------

got it!.

Code:
rolemod [-u uid] [-o] [-g group] [-G group] [-d dir] [-m] [-s shell][-c comment] [-l new_name] [-f inactive] [-e expire] [-A Authorization][-P profile] <role account>


Last edited by rino19ny; 08-07-2017 at 11:32 AM.. Reason: Added CODE tags and set capital letters where appropriate.
# 2  
Old 08-07-2017
The usermod assigns a role to a user, the rolemod command creates and modifies roles. I would use existing roles to start with and assign them to a user. Basic security (groups, etc.) should be used for file access because software you buy and load expects this, e.g. databases, math software.

Try: Role-Based Access Control (Overview) - Oracle Solaris Administration: Security Services
RBAC is meant for creating profiles for users like system operators who have to be able to run backups, restore disks, fix printer problems, etc. It is great for that purpose. IMO, messing around with general users and RBAC causes problems that do not need to happen. If you need elevated security you need to be on a trusted version of the OS for starters.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Need to parse the multiple definitions from a single line and assign

Hi, I need a help on my requirement that eg: NEED="TEST=Name WORK=Ps DEL=let" Here the definition can be n number, could anybody have an idea to get the output as, TEST=Name WORK=Ps DEL=let .. .. till the 'n' definitions listed. Any suggestions please..... Regards, ricky (6 Replies)
Discussion started by: ricky-row
6 Replies

2. Shell Programming and Scripting

How to assign correct values to the multiple words?

The file1 contains mistakes and looks like 1 No one have never become rich by giving. Anne Dickens 2 No one is worthless in this globe who lightens the weights of other. Charles_Dickens file2 contains the correction of words and looks like rich poor have has never ever... (3 Replies)
Discussion started by: sammy777888
3 Replies

3. UNIX and Linux Applications

Oracle Database - How to check if user roles and system roles are separated?

I have these two table. How do I see if user roles and system roles are seperated? SQL> desc DBA_ROLES; Name Null? Type ----------------------------------------- -------- ---------------------------- ROLE NOT NULL... (1 Reply)
Discussion started by: alvinoo
1 Replies

4. Shell Programming and Scripting

Running a program multiple times to search pattern and assign structure

Hi all, I have a big file (n.txt) with following pattern: ATOM 1 N SER A 1 122.392 152.261 138.190 1.00 0.00 N ATOM 2 CA SER A 1 122.726 151.241 139.183 1.00 0.00 C TER ENDMDL ATOM 1 N SER A 1 114.207 142.287 135.439 1.00 0.00 ... (3 Replies)
Discussion started by: bioinfo
3 Replies

5. Shell Programming and Scripting

assign multiple rows value to a variable using eval

background : Solaris, ksh metresult="ooo > pp" ts=89 eval append_${ts}="$metresult" bash: pp: command not found I want to create a variable which has in a part of its name a dynamically-established number (stored in another variable) usually I do this with eval command. The problem I... (5 Replies)
Discussion started by: black_fender
5 Replies

6. Shell Programming and Scripting

Looking for help with script to assign all disk space to slice#0 on multiple disks of varying sizes

Hi Folks, I am trying to make a script to assign all diskspace to slice 0, on multiple sized disks. Since the disks are new they may need to be labelled also to avoid the error: Cannot get disk geometry Below is my code struggling with logic which doesn't seem to be producing the desired... (0 Replies)
Discussion started by: momin
0 Replies

7. UNIX for Dummies Questions & Answers

How to assign multiple IPs to Aggregated interface in Solaris 10?

I have 2 physical interfaces (bnx0 and bnx1) aggregated into aggr1. I need to assign second IP, and normally I know how to do it to physical interface (i.e. bnx0:1) however same trick (aggr1:1) is not working. Is there any way to do it? (0 Replies)
Discussion started by: bratan
0 Replies

8. Shell Programming and Scripting

Select multiple values from an Oracle database and assign it to two dimensional array

hi I have two tables in oracle DB and am using a joining query which will result in the output as follows. i need to assign it to a two dimensional array and use it for my further calculations. the way i tried is as follows. #!/bin/ksh export... (1 Reply)
Discussion started by: aemunathan
1 Replies

9. Solaris

LDAP users with RBAC Roles

I have an issue with integration between Microsoft LDAP users and RBAC roles defined in a Solaris box. to explain more , i managed to integrate Microsoft Active Directory user loggings to Solaris boxes. I've done it to centralize user repo. and instead of creating admin accounts on more than... (9 Replies)
Discussion started by: mduweik
9 Replies

10. Shell Programming and Scripting

how to assign multiple values in a pl/sql script

Hello friends, This query is with regards to a script (pl/sql) which returns multiple values. Please see below script wherein the query returns a single value and is assigned to a single variable DB_VALID_CDR=`sqlplus -s user/pass<<!EOF | grep -v "^Connected" 2>&1 set termout off echo... (2 Replies)
Discussion started by: vivek_damodaran
2 Replies
Login or Register to Ask a Question