07-20-2009
Quote:
Originally Posted by
samar
i suspect that executive attribution has not given correct for your role that it cant execute "shutdown"
No, it simply can't work. The book example is wrong in the sense authorizations can't grant a role to shutdown with regular Solaris.
The workaround is to use profiles like you do.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
well, I was suggested to remove the contents of the cache as i get out of the browser netscape from the .netscape folder. is that really necessary? if so what are the rest to be done?
can anybody please tell me?:rolleyes: (8 Replies)
Discussion started by: sskb
8 Replies
2. Programming
Hi all,
Just a little question relative to signals.
I know that if an application is in the sleep state, When a signal is catched, it will be processed by the handler. But what happens if it's processing something? Does the processing stops??
The following code should illustrate this case
... (2 Replies)
Discussion started by: ninjanesto
2 Replies
3. UNIX for Advanced & Expert Users
Hello,
I have created following alias in csh
lab 'rlogin -l user23 complab23'
but problem is complab23 does not allow automatic login by checking .rhosts file. So after typing lab on command line I have to type complicate password and if wrong password is typed thrice then account gets... (4 Replies)
Discussion started by: neerajrathi2
4 Replies
4. AIX
I would like to use the Role Based access control to granulize some of the administration of AIX systems in our organization. Across the company we will be using aix 5.3. One of these roles will only have the access to make, change and delete users, something similar to ManageAllUsers. The thing... (1 Reply)
Discussion started by: dgaixsysadm
1 Replies
5. HP-UX
hi every one i tried rbac and i made
1- role called GizaRoot
2- group called gizagroup
3- added privlage autherization called "m.k"
/usr/sbin/useradd:dflt:(m.k,*):0/0//:dflt:dflt:dflt:
i assigned the role to group and add user to that group then su to user and tried to use the command ... (0 Replies)
Discussion started by: maxim42
0 Replies
6. Shell Programming and Scripting
Hi All,
When i have run the below command its showing 90% which is critical for production. for this i need the answer of some below question please help me for that.
1) i want to delete some unwanted files. how can i know the unwanted files ?Is it there any way of knowing this??
2)and... (2 Replies)
Discussion started by: aish11
2 Replies
7. Shell Programming and Scripting
awk "/^<Mar 31, 2012 : /,0" /app/blah.log
can someone please help me figure out why the above command isn't pulling anything out from the log?
basically, i want it to pull out all records, from the very first line that starts with the date "Mar 31, 2012" and that also has a time immediately... (4 Replies)
Discussion started by: SkySmart
4 Replies
8. UNIX for Dummies Questions & Answers
If I run a script called 'abc.sh' and then execute the following :
ps -ef | grep 'abc.sh'
I always get two rows of output, one for the executing script, and the other for the grep command that I have triggered after the pipe.
Questions: Why does the second row turn up in the results. My... (10 Replies)
Discussion started by: jawsnnn
10 Replies
9. Shell Programming and Scripting
awk -F ";" 'FNR==NR{a=$1;next} ($2 in a)' server.list datafile | while read line
do
echo ${line}
done
when i run the above, i get this:
1 SERVICE NOTIFICATION: nagiosadmin skysmart-01.sky.net ....
instead of:
SERVICE NOTIFICATION: nagiosadmin skysmart-01.sky.net ....
can... (4 Replies)
Discussion started by: SkySmart
4 Replies
10. UNIX for Dummies Questions & Answers
We have huge file with control A as delimiter. Somehow one record is corrupted. This time i figured it out using ETL graph. If future , how to print only bad record.
Example Correct record:... (2 Replies)
Discussion started by: srikanth38
2 Replies
LEARN ABOUT OPENSOLARIS
roles
roles(1) User Commands roles(1)
NAME
roles - print roles granted to a user
SYNOPSIS
roles [ user ]...
DESCRIPTION
The command roles prints on standard output the roles that you or the optionally-specified user have been granted. Roles are special
accounts that correspond to a functional responsibility rather than to an actual person (referred to as a normal user).
Each user may have zero or more roles. Roles have most of the attributes of normal users and are identified like normal users in passwd(4)
and shadow(4). Each role must have an entry in the user_attr(4) file that identifies it as a role. Roles can have their own authorizations
and profiles. See auths(1) and profiles(1).
Roles are not allowed to log into a system as a primary user. Instead, a user must log in as him-- or herself and assume the role. The
actions of a role are attributable to the normal user. When auditing is enabled, the audited events of the role contain the audit ID of the
original user who assumed the role.
A role may not assume itself or any other role. Roles are not hierarchical. However, rights profiles (see prof_attr(4)) are hierarchical
and can be used to achieve the same effect as hierarchical roles.
Roles must have valid passwords and one of the shells that interprets profiles: either pfcsh, pfksh, or pfsh. See pfexec(1).
Role assumption may be performed using su(1M), rlogin(1), or some other service that supports the PAM_RUSER variable. Successful assumption
requires knowledge of the role's password and membership in the role. Role assignments are specified in user_attr(4).
EXAMPLES
Example 1 Sample output
The output of the roles command has the following form:
example% roles tester01 tester02tester01 : admin
tester02 : secadmin, root
example%
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error occurred.
FILES
/etc/user_attr
/etc/security/auth_attr
/etc/security/prof_attr
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO
auths(1), pfexec(1), profiles(1), rlogin(1), su(1M), getauusernam(3BSM), auth_attr(4), passwd(4), prof_attr(4), shadow(4), user_attr(4),
attributes(5)
SunOS 5.11 14 Feb 2001 roles(1)