Visit Our UNIX and Linux User Community

Full Discussion: RBAC related question.....
Operating Systems Solaris RBAC related question..... Post 302335602 by samar on Monday 20th of July 2009 04:51:52 AM
Old 07-20-2009
Originally Posted by samar
let me see /etc/user_attr file.

Good luck
so i dont know how u managed that,i suspect that executive attribution has not given correct for your role that it cant execute "shutdown",
but example shown below works 100% :

# useradd -m -d /export/home/testuser testuser
64 blocks
# passwd testuser
New Password:
Re-enter new Password:
passwd: password successfully changed for testuser
# grep testuser /etc/passwd
# roleadd -m -d /export/home/shutdown shutdown
64 blocks
# passwd shutdown
New Password:
Re-enter new Password:
passwd: password successfully changed for shutdown
# grep shutdown /etc/passwd
# usermod -R shutdown testuser
# grep testuser /etc/user_attr

#echo "SHUTDOWN::Smilierofile to shutdown:help=shutdown.html" > /etc/security/prof_attr
#rolemod -P SHUTDOWN shutdown
#echo "SHUTDOWN:suser:cmd:::/usr/sbin/shutdown:uid=0" > /etc/security/exec_attr


login as: testuser
Using keyboard-interactive authentication.
Last login: Mon Jul 20 12:36:57 2009 from
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
$ su - shutdown
$ /usr/sbin/shutdown

hutdown started. Mon Jul 20 12:53:22 GET 2009

Broadcast Message from root (pts/2) on gantek4 Mon Jul 20 12:53:22...
The system gantek4 will be shut down in 1 minute

showmount: gantek4: RPC: Program not registered
Broadcast Message from root (pts/2) on gantek4 Mon Jul 20 12:53:52...
The system gantek4 will be shut down in 30 seconds

Good luck
Test Your Knowledge in Computers #732
Difficulty: Easy
In BASIC, GOTO jumps to a numbered or labelled line in the program.
True or False?

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

A Question related to the net

well, I was suggested to remove the contents of the cache as i get out of the browser netscape from the .netscape folder. is that really necessary? if so what are the rest to be done? can anybody please tell me?:rolleyes: (8 Replies)
Discussion started by: sskb
8 Replies

2. Programming

signals related question

Hi all, Just a little question relative to signals. I know that if an application is in the sleep state, When a signal is catched, it will be processed by the handler. But what happens if it's processing something? Does the processing stops?? The following code should illustrate this case ... (2 Replies)
Discussion started by: ninjanesto
2 Replies

3. UNIX for Advanced & Expert Users

One Question related to alias

Hello, I have created following alias in csh lab 'rlogin -l user23 complab23' but problem is complab23 does not allow automatic login by checking .rhosts file. So after typing lab on command line I have to type complicate password and if wrong password is typed thrice then account gets... (4 Replies)
Discussion started by: neerajrathi2
4 Replies

4. AIX

RBAC in 5.3 Question

I would like to use the Role Based access control to granulize some of the administration of AIX systems in our organization. Across the company we will be using aix 5.3. One of these roles will only have the access to make, change and delete users, something similar to ManageAllUsers. The thing... (1 Reply)
Discussion started by: dgaixsysadm
1 Replies

5. HP-UX

RBAC question

hi every one i tried rbac and i made 1- role called GizaRoot 2- group called gizagroup 3- added privlage autherization called "m.k" /usr/sbin/useradd:dflt:(m.k,*):0/0//:dflt:dflt:dflt: i assigned the role to group and add user to that group then su to user and tried to use the command ... (0 Replies)
Discussion started by: maxim42
0 Replies

6. Shell Programming and Scripting

having df command related question

Hi All, When i have run the below command its showing 90% which is critical for production. for this i need the answer of some below question please help me for that. 1) i want to delete some unwanted files. how can i know the unwanted files ?Is it there any way of knowing this?? 2)and... (2 Replies)
Discussion started by: aish11
2 Replies

7. Shell Programming and Scripting

awk related question

awk "/^<Mar 31, 2012 : /,0" /app/blah.log can someone please help me figure out why the above command isn't pulling anything out from the log? basically, i want it to pull out all records, from the very first line that starts with the date "Mar 31, 2012" and that also has a time immediately... (4 Replies)
Discussion started by: SkySmart
4 Replies

8. UNIX for Dummies Questions & Answers

Question related to 'ps'

If I run a script called '' and then execute the following : ps -ef | grep '' I always get two rows of output, one for the executing script, and the other for the grep command that I have triggered after the pipe. Questions: Why does the second row turn up in the results. My... (10 Replies)
Discussion started by: jawsnnn
10 Replies

9. Shell Programming and Scripting

awk related question

awk -F ";" 'FNR==NR{a=$1;next} ($2 in a)' server.list datafile | while read line do echo ${line} done when i run the above, i get this: 1 SERVICE NOTIFICATION: nagiosadmin .... instead of: SERVICE NOTIFICATION: nagiosadmin .... can... (4 Replies)
Discussion started by: SkySmart
4 Replies

10. UNIX for Dummies Questions & Answers

Question related to grep

We have huge file with control A as delimiter. Somehow one record is corrupted. This time i figured it out using ETL graph. If future , how to print only bad record. Example Correct record:... (2 Replies)
Discussion started by: srikanth38
2 Replies
auths(1)							   User Commands							  auths(1)

auths - print authorizations granted to a user SYNOPSIS
auths [ user ...] DESCRIPTION
The auths command prints on standard output the authorizations that you or the optionally-specified user or role have been granted. Autho- rizations are rights that are checked by certain privileged programs to determine whether a user may execute restricted functionality. Each user may have zero or more authorizations. Authorizations are represented by fully-qualified names, which identify the organization that created the authorization and the functionality that it controls. Following the Java convention, the hierarchical components of an authorization are separated by dots (.), starting with the reverse order Internet domain name of the creating organization, and ending with the specific function within a class of authorizations. An asterisk (*) indicates all authorizations in a class. A user's authorizations are looked up in user_attr(4) and in the /etc/security/policy.conf file (see policy.conf(4)). Authorizations may be specified directly in user_attr(4) or indirectly through prof_attr(4). Authorizations may also be assigned to every user in the system directly as default authorizations or indirectly as default profiles in the /etc/security/policy.conf file. EXAMPLES
Example 1: Sample output The auths output has the following form: example% auths tester01 tester02 tester01 :, tester02 : solaris.system.* example% Notice that there is no space after the comma separating the authorization names in tester01. EXIT STATUS
The following exit values are returned: 0 Successful completion. 1 An error occurred. FILES
/etc/user_attr /etc/security/auth_attr /etc/security/policy.conf /etc/security/prof_attr ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWcsu | +-----------------------------+-----------------------------+ SEE ALSO
profiles(1), roles(1), getauthattr(3SECDB), auth_attr(4), policy.conf(4), prof_attr(4), user_attr(4), attributes(5) SunOS 5.10 25 Mar 2004 auths(1)

Featured Tech Videos

All times are GMT -4. The time now is 05:18 AM.
Unix & Linux Forums Content Copyright 1993-2020. All Rights Reserved.
Privacy Policy