06-30-2008
Group significance in mkrole AIX 5.3
Hello... I am getting ready to create a bunch of groups for several of our servers, all of which are running AIX 5.3. We really want to keep people away from using the root login, and as such the systems have been hardened using aixpert, and if it is absolutely needed people must su -.
There are about three support roles that don't exist within the AIX defaults. I would like to create the role SiteAdmin, which will have access to security, shutdown, lp, audit, printq; PrintManager, which will have the lp and printq groups; and RemoteSupport, which will have access to just about everything. Now when I create a role in AIX there is a field for groups, but I seem to be a little confused as to its use or requirement status. I'm thinking I would add the groups that I have listed above in these fields, but will it make any difference if I don't? It seems that the roles in 5.3 are little more than titles anyway, which is fine by me; I just really need some clarification as to how the whole process comes together. If anyone has any experience in this area I would really appreciate it!
roles(1) User Commands roles(1)
NAME
roles - print roles granted to a user
SYNOPSIS
roles [ user ...]
DESCRIPTION
The command roles prints on standard output the roles that you or the optionally-specified user have been granted. Roles are special
accounts that correspond to a functional responsibility rather than to an actual person (referred to as a normal user).
Each user may have zero or more roles. Roles have most of the attributes of normal users and are identified like normal users in passwd(4)
and shadow(4). Each role must have an entry in the user_attr(4) file that identifies it as a role. Roles can have their own authorizations
and profiles. See auths(1) and profiles(1).
Roles are not allowed to log into a system as a primary user. Instead, a user must log in as him- or herself and assume the role. The
actions of a role are attributable to the normal user. When auditing is enabled, the audited events of the role contain the audit ID of the
original user who assumed the role.
A role may not assume itself or any other role. Roles are not hierarchical. However, rights profiles (see prof_attr(4)) are hierarchical
and can be used to achieve the same effect as hierarchical roles.
Roles must have valid passwords and one of the shells that interprets profiles: either pfcsh, pfksh, or pfsh. See pfexec(1).
Role assumption may be performed using su(1M), rlogin(1), or some other service that supports the PAM_RUSER variable. Successful assumption
requires knowledge of the role's password and membership in the role. Role assignments are specified in user_attr(4).
EXAMPLES
Example 1: Sample output
The output of the roles command has the following form:
example% roles tester01 tester02
tester01 : admin
tester02 : secadmin, root
example%
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error occurred.
FILES
/etc/user_attr
/etc/security/auth_attr
/etc/security/prof_attr
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
|       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
+-----------------------------+-----------------------------+
|Availability                 |SUNWcsu                      |
+-----------------------------+-----------------------------+
SEE ALSO
auths(1), pfexec(1), profiles(1), rlogin(1), su(1M), getauusernam(3BSM), auth_attr(4), passwd(4), prof_attr(4), shadow(4), user_attr(4),
attributes(5)
SunOS 5.10 14 Feb 2001 roles(1)
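Two rules from the DESCRIPTION above are recorded in user_attr(4) and can be checked offline: every role needs an entry that identifies it as a role, and a role may not assume another role. The Python below is an added example, not part of the man page or of Solaris; it assumes the user_attr(4) line layout user:qualifier:res1:res2:attr with semicolon-separated key=value pairs, treats an entry with no type key as a normal user, and runs on a constructed sample.

```python
# Added example; SAMPLE_USER_ATTR is constructed, not taken from a real system.
SAMPLE_USER_ATTR = """\
# user:qualifier:res1:res2:attr
root::::type=normal;auths=solaris.*;profiles=All
admin::::type=role;profiles=System Administrator;roles=secadmin
secadmin::::type=role;profiles=Security Administrator
tester01::::type=normal;roles=admin
tester02::::roles=secadmin,root
"""

def parse_user_attr(text):
    """Return {account: {key: value}} from user_attr(4)-style text."""
    entries = {}
    for line in text.splitlines():
        fields = line.strip().split(":", 4)
        if line.lstrip().startswith("#") or len(fields) != 5:
            continue  # comment, blank or malformed line: skip, do not guess
        pairs = (p.partition("=") for p in fields[4].split(";"))
        entries[fields[0]] = {k.strip(): v.strip() for k, sep, v in pairs if sep}
    return entries

def roles_of(entries, user):
    """Roles granted to one account, in file order (what roles(1) reports)."""
    raw = entries.get(user, {}).get("roles", "")
    return [r.strip() for r in raw.split(",") if r.strip()]

def is_role(entries, name):
    # Assumption: an entry with no type key is treated as a normal user.
    return entries.get(name, {}).get("type", "normal") == "role"

def audit(entries):
    """Flag assignments that contradict the rules in the DESCRIPTION."""
    findings = []
    for account in entries:
        granted = roles_of(entries, account)
        if granted and is_role(entries, account):
            findings.append(f"{account}: role is itself granted roles")
        for role in granted:
            if not is_role(entries, role):
                findings.append(f"{account}: '{role}' is not type=role")
    return findings

if __name__ == "__main__":
    entries = parse_user_attr(SAMPLE_USER_ATTR)
    for user in ("tester01", "tester02"):
        print(f"{user} : {', '.join(roles_of(entries, user))}")
    for finding in audit(entries):
        print("FINDING:", finding)
```

In the constructed sample, admin is a role that carries its own roles= key and tester02 is granted root although root is not marked type=role, so both are reported.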