Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: RBAC in 5.3 Question
Operating Systems AIX RBAC in 5.3 Question Post 302202849 by dgaixsysadm on Thursday 5th of June 2008 11:20:27 PM
Old 06-06-2008
RBAC in 5.3 Question
I would like to use the Role Based access control to granulize some of the administration of AIX systems in our organization. Across the company we will be using aix 5.3. One of these roles will only have the access to make, change and delete users, something similar to ManageAllUsers. The thing that I dont understand about RBAC in aix 5.3 is that in order to make this work, I have to assign both the secuity group and the role to the user, lets call him ‘groucho'. My big question is, if I add groucho to the security group, he will be able to run the mkuser, rmuser, and chuser commands with or without the ManageAllUsers (or ManageBasicUsers) Role. So my question is what good is the Role at all? If I add the proper group membership, it not only gives access to run these commands, but possibly even some commands that I don't want authorized.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

RBAC logging

Hi gurus: I have not come accross any links on the internet that shows how to set up logging in RBAC and also is it possible to get the granularity and simplicity of sudo logging in RBAC. I have heard that RBAC logs are complicated to read and not as simple and granular as sudo logs. Your help... (0 Replies)
Discussion started by: geomonap
0 Replies

2. Solaris

Rbac

I am trying to let user asillitoe su to the godbrook role to execute commands. I have editted files as follows: user_attr: asillito::::type=normal;roles=godbrook godbrook::::type=role;profiles=Gadbrook,All prof_attr: Gadbrook:::Allow root commands to be used by godbrook: exec_attr:... (0 Replies)
Discussion started by: chrisdberry
0 Replies

3. Solaris

RBAC Help

do i have to create a new account to add a role? i want the sysadmin login i have 3 users on my systems sysadmin secman oc01 also 3 profiles SA (goes t0 sysadmin account) SSO (goes to secman account) LMICS (goes to oc01 account) the user accounts are located in /h/USERS/local the... (4 Replies)
Discussion started by: deaconf19
4 Replies

4. Shell Programming and Scripting

Automating RBAC with IF/Then statement

what would be easier to automate a script if/then ? (0 Replies)
Discussion started by: deaconf19
0 Replies

5. UNIX for Dummies Questions & Answers

Unix Rbac

Can anyone help me on "How to change Unix to support RBAC policy"? (4 Replies)
Discussion started by: JPoroo
4 Replies

6. Linux

Sudo user vs RBAC

Hi all, What the difference between the sudo users & RBAC when the talk of effects after doing the above comes??? any differences between them ,kindly list ?? (1 Reply)
Discussion started by: saurabh84g
1 Replies

7. Solaris

rbac problem.

Hi all! On backup server with contab my script worked, but one command don't fine to be executed: bash-3.00$ scp itadmin@172.17.0.44:/export/backups/* /bckp1/opencms/bcp_`date +%Y%m%d`/ www-zone.cfg 100%... (0 Replies)
Discussion started by: sotich82
0 Replies

8. Solaris

RBAC related question.....

I am referring Bill Calkins(SCSA exam prep) for RBAC..actually i wanted to make a normal user to get the privilege to run a command through authorization, not through profile files... This is the exact steps given by Bill calkins.. 1.roleadd -m -d /export/home/adminusr -c... (11 Replies)
Discussion started by: saagar
11 Replies

9. HP-UX

RBAC question

hi every one i tried rbac and i made 1- role called GizaRoot 2- group called gizagroup 3- added privlage autherization called "m.k" /usr/sbin/useradd:dflt:(m.k,*):0/0//:dflt:dflt:dflt: i assigned the role to group and add user to that group then su to user and tried to use the command ... (0 Replies)
Discussion started by: maxim42
0 Replies

10. AIX

RBAC and LDAP users (AD)

Hello everyone, I am having trouble with something, and I can't find the right answer online. On our company, we are using LDAP Authentication with Active Directory (Windows 2008 Servers) to have a centralized management of AIX 7.1 users. So far so good, but now, we want to implement RBAC on... (7 Replies)
Discussion started by: Janpol
7 Replies

LEARN ABOUT MOJAVE

moosex::role::parameterized::extending

MooseX::Role::Parameterized::Extending(3)		User Contributed Perl Documentation		 MooseX::Role::Parameterized::Extending(3)

NAME

       MooseX::Role::Parameterized::Extending - extending MooseX::Role::Parameterized roles

DESCRIPTION

       There are heaps of useful modules in the "MooseX" namespace that you can use to make your roles more powerful. However, they do not always
       work out of the box with MooseX::Role::Parameterized, but it's fairly straight-forward to achieve the functionality you desire.

       MooseX::Role::Parameterized was designed to be as extensible as the rest of Moose, and as such it is possible to apply custom traits to
       both the parameterizable role or the ordinary roles they generate. In this example, we will look at applying the fake trait
       "MooseX::MagicRole" to a parameterizable role.

       First we need to define a new metaclass for our parameterizable role.

	   package MyApp::Meta::Role::Parameterizable;
	   use Moose;
	   extends 'MooseX::Role::Parameterized::Meta::Role::Parameterizable';
	   with 'MooseX::MagicRole';

       This is a class (observe that it uses Moose, not Moose::Role) which extends the class which governs parameterizable roles.
       MooseX::Role::Parameterized::Meta::Role::Parameterizable is the metaclass that packages using MooseX::Role::Parameterized receive by
       default.

       Note that the class we are extending, MooseX::Role::Parameterized::Meta::Role::Parameterizable, is entirely distinct from the similarly-
       named class which governs the ordinary roles that parameterized roles generate. An instance of
       MooseX::Role::Parameterized::Meta::Role::Parameterized represents a role with its parameters already bound.

       Now we can take advantage of our new subclass by specifying that we want to use "MyApp::Meta::Role::Parameterizable" as our metaclass when
       importing MooseX::Role::Parameterized:

	   package MyApp::Role;
	   use MooseX::Role::Parameterized -metaclass => 'MyApp::Meta::Role::Parameterizable';

	   role {
	       ...
	   }

       And there you go! "MyApp::Role" now has the "MooseX::MagicRole" trait applied.

perl v5.18.2							    2012-08-14				 MooseX::Role::Parameterized::Extending(3)
All times are GMT -4. The time now is 08:33 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy