03-09-2007
Quote:
Originally Posted by civic2005
Anyone know how to disable SU right for a particular user in Solaris 8
You should not change the default file permissions and/or group of Solaris binaries, instead you should use
RBAC and turn non-personal accounts into roles. Then you have to assign explicit permission to be able to assume the role (i.e. "
su - role").
If you describe what problem you are trying to it is easier to suggest a good solution.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Im sure this is somthing easy to do but i just can not figure it out where and how would i take X out of the boot for hp ux 11 i looked in the man's and nothing so maybe sombody could throw me a bone... thanks
BB (8 Replies)
Discussion started by: bbutler3295
8 Replies
2. UNIX for Dummies Questions & Answers
i have this unix version "unix v/386" and i want to disable su
kindly help me (2 Replies)
Discussion started by: sak900354
2 Replies
3. Solaris
I access my Sun box via ssh, and i dont need to x Window system at all, and everytime if i couldnt type user name and password fast enough its try to load the Java desktop, how can i disable X-Window login and make it stop at console login prompt ? thanks. (4 Replies)
Discussion started by: XP_2600
4 Replies
4. AIX
Is there a command to disable/enable a port? I want to disable a port from a script and don't want to edit the /etc/inetd /etc/services file. (2 Replies)
Discussion started by: daveisme
2 Replies
5. Shell Programming and Scripting
Hi All,
I have bash script, so what is sintax script in bash for Enable and Disable Tab Key. Thanks for your help.:(
Thanks,
Rico (1 Reply)
Discussion started by: carnegiex
1 Replies
6. Solaris
Hi,
I am using solaris 10, 1 of the printers encounter some issue and it is always disable itself and dont know why? any idea how to make it auto enable back to normal? is there any configuration or scripts?? kindly advise me. thanks. (2 Replies)
Discussion started by: freshmeat
2 Replies
7. HP-UX
Hi All,
How to prevent root user from doing setuid().
In otherwords, if the root(any user) is trying to do setuid in a program it should fail. (5 Replies)
Discussion started by: guru13
5 Replies
8. UNIX for Dummies Questions & Answers
I have modified /etc/inittab file for changing default runlevel from 5 to 3 .
Now i can boot in terminal mode .However if i issue init 5 i get a X window.
How would i disable loading X? do i need to disable some services?
P.S.
What is Xvfb? How would i disable it?
My Distribution Details.
#... (11 Replies)
Discussion started by: pinga123
11 Replies
9. Red Hat
Hi all Expertise,
I have following issue to solve,
SSL / TLS Renegotiation DoS (low) 222.225.12.13
Ease of Exploitation Moderate
Port 443/tcp
Family Miscellaneous
Following is the problem description:------------------
Description The remote service encrypts traffic using TLS / SSL and... (2 Replies)
Discussion started by: manalisharmabe
2 Replies
10. UNIX for Advanced & Expert Users
Can some one suggest me the way to disable " rm -rf * " or " rm -rf / " command execution permanently from the server. Any suggestion will be very much helpful . (18 Replies)
Discussion started by: shiek.kaleem
18 Replies
roles(1) User Commands roles(1)
NAME
roles - print roles granted to a user
SYNOPSIS
roles [ user ...]
DESCRIPTION
The command roles prints on standard output the roles that you or the optionally-specified user have been granted. Roles are special
accounts that correspond to a functional responsibility rather than to an actual person (referred to as a normal user).
Each user may have zero or more roles. Roles have most of the attributes of normal users and are identified like normal users in passwd(4)
and shadow(4). Each role must have an entry in the user_attr(4) file that identifies it as a role. Roles can have their own authorizations
and profiles. See auths(1) and profiles(1).
Roles are not allowed to log into a system as a primary user. Instead, a user must log in as him-- or herself and assume the role. The
actions of a role are attributable to the normal user. When auditing is enabled, the audited events of the role contain the audit ID of the
original user who assumed the role.
A role may not assume itself or any other role. Roles are not hierarchical. However, rights profiles (see prof_attr(4)) are hierarchical
and can be used to achieve the same effect as hierarchical roles.
Roles must have valid passwords and one of the shells that interprets profiles: either pfcsh, pfksh, or pfsh. See pfexec(1).
Role assumption may be performed using su(1M), rlogin(1), or some other service that supports the PAM_RUSER variable. Successful assumption
requires knowledge of the role's password and membership in the role. Role assignments are specified in user_attr(4).
EXAMPLES
Example 1: Sample output
The output of the roles command has the following form:
example% roles tester01 tester02
tester01 : admin
tester02 : secadmin, root
example%
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error occurred.
FILES
/etc/user_attr
/etc/security/auth_attr
/etc/security/prof_attr
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO
auths(1), pfexec(1), profiles(1), rlogin(1), su(1M), getauusernam(3BSM), auth_attr(4), passwd(4), prof_attr(4), shadow(4), user_attr(4),
attributes(5)
SunOS 5.10 14 Feb 2001 roles(1)