Operating Systems AIX Group significance in mkrole aix 5.3 Post 302210354 by dgaixsysadm on Monday 30th of June 2008 06:24:12 PM
06-30-2008
Group significance in mkrole aix 5.3

Hello... I am getting ready to create a bunch of groups for several of our servers, all of which are running AIX 5.3. We really want to keep people away from using the root login, and as such the systems have been hardened using aixpert, and if it is absolutely needed people must su -.
There are about three support roles that don't exist within the AIX defaults. I would like to create the role SiteAdmin, which will have access to security, shutdown, lp, audit, printq; PrintManager, which will have lp and printq group; and RemoteSupport, which will have access to just about everything. Now when I create a role in AIX there is a field for groups, but I seem to be a little confused as to its use or requirement status. I'm thinking I would add the groups that I have listed above in these fields, but will it make any difference if I don't? It seems that the roles in 5.3 are little more than titles anyway, which is fine by me; I just really need some clarification as to how the whole process comes together. If anyone has any experience in this area I would really appreciate it!
 

roles(1)                         User Commands                         roles(1)

NAME
     roles - print roles granted to a user

SYNOPSIS
     roles [ user ...]

DESCRIPTION
     The command roles prints on standard output the roles that you or the
     optionally-specified user have been granted. Roles are special accounts
     that correspond to a functional responsibility rather than to an actual
     person (referred to as a normal user).

     Each user may have zero or more roles. Roles have most of the attributes
     of normal users and are identified like normal users in passwd(4) and
     shadow(4). Each role must have an entry in the user_attr(4) file that
     identifies it as a role. Roles can have their own authorizations and
     profiles. See auths(1) and profiles(1).

     Roles are not allowed to log into a system as a primary user. Instead, a
     user must log in as him- or herself and assume the role. The actions of a
     role are attributable to the normal user. When auditing is enabled, the
     audited events of the role contain the audit ID of the original user who
     assumed the role.

     A role may not assume itself or any other role. Roles are not
     hierarchical. However, rights profiles (see prof_attr(4)) are
     hierarchical and can be used to achieve the same effect as hierarchical
     roles.

     Roles must have valid passwords and one of the shells that interprets
     profiles: either pfcsh, pfksh, or pfsh. See pfexec(1).

     Role assumption may be performed using su(1M), rlogin(1), or some other
     service that supports the PAM_RUSER variable. Successful assumption
     requires knowledge of the role's password and membership in the role.
     Role assignments are specified in user_attr(4).

EXAMPLES
     Example 1: Sample output

     The output of the roles command has the following form:

     example% roles tester01 tester02
     tester01 : admin
     tester02 : secadmin, root
     example%

EXIT STATUS
     The following exit values are returned:

     0    Successful completion.

     1    An error occurred.

FILES
     /etc/user_attr

     /etc/security/auth_attr

     /etc/security/prof_attr

ATTRIBUTES
     See attributes(5) for descriptions of the following attributes:

     +-----------------------------+-----------------------------+
     |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
     +-----------------------------+-----------------------------+
     |Availability                 |SUNWcsu                      |
     +-----------------------------+-----------------------------+

SEE ALSO
     auths(1), pfexec(1), profiles(1), rlogin(1), su(1M), getauusernam(3BSM),
     auth_attr(4), passwd(4), prof_attr(4), shadow(4), user_attr(4),
     attributes(5)

SunOS 5.10                       14 Feb 2001                       roles(1)
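
An added example, not part of the man page or the forum post: a small audit over text in user_attr(4) format that reproduces the "user : roles" listing shown above and flags entries that contradict the rules in DESCRIPTION (a role that itself lists roles, and a user assigned a name that has no type=role entry). The sample entries, the opsrole and ghost names, and the function name audit_roles are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in user_attr(4) layout: user:qualifier:res1:res2:attr
# Names follow the man page's sample output; "opsrole" and "ghost" are made up.
SAMPLE_USER_ATTR='# constructed sample, not a real system file
root::::type=role;auths=solaris.*;profiles=All
admin::::type=role;profiles=All
secadmin::::type=role;profiles=All
opsrole::::type=role;roles=admin
tester01::::type=normal;roles=admin
tester02::::type=normal;roles=secadmin,root
tester03::::type=normal;roles=ghost'

# audit_roles: read user_attr text on stdin and print
#   "<user> : <roles>"  for each normal user that has roles (same shape as roles(1))
#   "WARN ..."          for entries that contradict the rules in DESCRIPTION
audit_roles() {
  awk -F: '
    /^#/ || NF < 5 { next }                       # skip comments and short lines
    {
      attr = $5; for (i = 6; i <= NF; i++) attr = attr ":" $i   # rejoin attr field
      kind = "normal"; roles = ""                 # a missing type= means normal user
      n = split(attr, kv, ";")
      for (i = 1; i <= n; i++) {
        if (kv[i] ~ /^type=/)  kind  = substr(kv[i], 6)
        if (kv[i] ~ /^roles=/) roles = substr(kv[i], 7)
      }
      if (kind == "role") isrole[$1] = 1
      order[++cnt] = $1; ukind[$1] = kind; uroles[$1] = roles
    }
    END {
      for (c = 1; c <= cnt; c++) {
        u = order[c]
        if (uroles[u] == "") continue
        if (ukind[u] == "role") {                 # "A role may not assume ... any other role"
          print "WARN " u ": role entry carries roles=" uroles[u]
          continue
        }
        out = uroles[u]; gsub(/,/, ", ", out)
        print u " : " out
        m = split(uroles[u], r, ",")
        for (j = 1; j <= m; j++)                  # every assigned role needs a type=role entry
          if (!(r[j] in isrole)) print "WARN " u ": " r[j] " is not defined as type=role"
      }
    }'
}

printf '%s\n' "$SAMPLE_USER_ATTR" | audit_roles
```

To check a real system, feed the function the file named under FILES: audit_roles < /etc/user_attr.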