09-24-2008
Sudo user vs RBAC
Hi all,
What the difference between the sudo users & RBAC when the talk of effects after doing the above comes???
any differences between them ,kindly list ??
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hi,
I have created a user to shutdown the server using RBAC.
Here are my steps:
1. roleadd -u 1000 -g 10 -d /home/stopsys -m stopsys
2. passwd stopsys
3. edit /etc/security/prof_attr to include:
Shut:::able to shut the server:
4. modrole -P Shut stopsys
5. useradd -u 1001 -g 10 -d... (2 Replies)
Discussion started by: chaandana
2 Replies
2. UNIX for Dummies Questions & Answers
Morning guys, I'm hoping you can advise me as to whether or not the following is possible.
Is there a way of firing off an scp command with a sudo user as the user?
e.g. I am logged onto server1 as smith, but want to pull files from server2 that I can only read as sudo jones.
In my mind it... (3 Replies)
Discussion started by: dlam
3 Replies
3. Solaris
Hello Everybody
I would like to know any major difference between sudo & RBAC as I am bit familiar with RBAC but not with sudo (2 Replies)
Discussion started by: girish.batra
2 Replies
4. AIX
Run sudo to another user .
I have two users in my AIX system appadmin (Application admin ) and appuser (Application user)
Application Admin user has special permission to run every thing about this application.
I have one script called /usr/app.sh
Only appadmin has permission to run this... (11 Replies)
Discussion started by: Mr.AIX
11 Replies
5. UNIX for Dummies Questions & Answers
I am trying to run a command from different user on my server. However when i execute the command it asks for password can you please help.
when i use this command to switch user no password is required
1) sudo su - bilbtf42
when i use
2) sudo su - bilbtf42 cp file1 direcotry1/file1
... (3 Replies)
Discussion started by: blackeyed
3 Replies
6. UNIX for Dummies Questions & Answers
Hi folks,
Here is my question of the day 8-)
I have to provide the ability to sudo su - orapd2 & sudo su - pd2adm for the following people
User A, B, C, D which all of them are part of the group staff.
orapd2 and pd2adm are also users. Users A, B, C, D should not type the password for... (2 Replies)
Discussion started by: 300zxmuro
2 Replies
7. UNIX for Dummies Questions & Answers
Can a user who is not an admin be added to sudoers to allow them to elevate to root and run administrative tasks only from the command line by using sudo, but not be able to perform administrative tasks in any other capacity?
---------- Post updated at 11:07 AM ---------- Previous update was at... (1 Reply)
Discussion started by: glev2005
1 Replies
8. Shell Programming and Scripting
Hi All, I need your expertise to solve my problem, my account has permission to make sudo and su but when I try to switch user in a shell, it does not work with following message:
"Sorry, user jmbeltra is not allowed to execute '/usr/bin/su -c echo HELLO THERE - oracle' as root on dbbr1k01"
I... (4 Replies)
Discussion started by: Axtel
4 Replies
9. AIX
Hello All,
I am trying to grant sudo privileges to a set of users (say tom and jerry) to sudo to another set of users (jim, harry). This is because we don't want to disclose the password of jim and harry.
I did defined the user_alias and runas alias.
%wms ALL = (USR) /usr/bin/su -, where wms... (7 Replies)
Discussion started by: ibmtech
7 Replies
10. Solaris
Hi
I need to assign proc_owner privilege to particular user through RBAC. How can I assign this privilege to user, I need help on this.
Further I need to understand if I give this proc_owner privilege to particular user, what kind of control user will get on other user or system processes... (7 Replies)
Discussion started by: sb200
7 Replies
LEARN ABOUT DEBIAN
gradm2
GRADM(8) System Manager's Manual GRADM(8)
NAME
gradm - Administration program for the grsecurity RBAC system
SYNOPSIS
gradm [ -E ] [ -R ] [ -C ] [ -F ] [ -L <logfile> ] [ -O <filename|stream> ] [ -M <filename|uid> ] [ -D ] [ -P [rolename] ] [ -a <rolename>
] [ -n <rolename> ] [ -p <rolename> ] [ -u ] [ -V ] [ -h ] [ -v ]
DESCRIPTION
gradm is the userspace RBAC parsing and authentication program for grsecurity
grsecurity aims to be a complete security system for Linux 2.4. gradm performs several tasks for the RBAC system including authenticated
via a password to the kernel and parsing rules to be passed to the kernel.
OPTIONS
All options to gradm are mutually exclusive, except for -L and -O.
-E Enable the RBAC system
-R Reload the RBAC system (only valid while in admin mode)
-C Perform a check of the RBAC policy, running the same analysis against it that is performed when enabling.
-F Toggle full learning mode. If used only with -L, it enables the RBAC system in full learning mode. If used with -L and -O, it
parses the full learning logs and generates a complete ruleset.
-M <filename|uid>
Remove an execution ban on a given uid or filename that has been put in place by the RES_CRASH resource restriction of the RBAC sys-
tem.
-L <logfile>
Parses the learning logs. Accepts an argument which specifies the logfile to scan for the learning logs. If "-" is specified as
the logfile, stdin will be used as the learning log. This option can be used with -E, -O, or -F.
-O <filename|stream>
Specifies output mode. Requires a single argument that can be "stdout", "stderr", or a regular file. Only used with -L or -F.
-D Disable the RBAC system
-P [rolename]
Without an argument, it sets the password for administering the RBAC system. With a role name as an argument, it sets the password
for that given special role.
-a <rolename>
Authenticate to a special role that requires a password.
-n <rolename>
Authenticate to a special role that does not require a password.
-p <rolename>
Authenticate through PAM to a special role.
-u Removes yourself from your current special role, reverting back to the normal role selection. To be used, for instance, for logging
out of an admin role without exiting your shell.
-V Displays verbose policy statistics when enabling the RBAC system or checking the RBAC policy. Can only be used with -C, -E, or -F
-L <filename>
-h Display help information
-v Print version information and exit
REPORTING BUGS
Please include as much information as possible(using any available debugging options) and send bug reports for gradm or the grsecurity RBAC
system to spender@grsecurity.net.
AUTHOR
grsecurity and gradm were created and are maintained by Brad Spengler <spender@grsecurity.net>
GRADM(8)