Full Discussion: RBAC related question.....
RBAC related question..... Post 302335806 by saagar on Monday 20th of July 2009 01:55:10 PM
samar and jlliagre, thanks for your valuable time...

I understand the need for entries in /etc/security/prof_attr and /etc/security/exec_attr... but let me ask you: suppose I do it this way:
vi /etc/security/prof_attr
shut:::Shut down the system:

vi /etc/security/exec_attr
shut:suser:cmd:::/usr/sbin/shutdown:uid=0

(note that the profile is not being given auths=solaris.system.shutdown attribute)

roleadd -m -d /export/home/adminusr -P shut adminusr

usermod -R adminusr neil

It works perfectly even without any authorization... then where will the need for the -A switch arise? This is the question I was trying to get an answer to for the whole 5 hours of yesterday; that is the reason why I wanted to create a role and user with just entries in /etc/user_attr instead of /etc/security/prof_attr and /etc/security/exec_attr.
Kindly help me out...!
 

profiles(1)                                                        profiles(1)

NAME
       profiles - print execution profiles for a user

SYNOPSIS
       profiles [-l] [ user ...]

DESCRIPTION
       The profiles command prints on standard output the names of the
       execution profiles that have been assigned to you or to the
       optionally-specified user or role name. Profiles are a bundling
       mechanism used to enumerate the commands and authorizations needed to
       perform a specific function. Along with each listed executable are the
       process attributes, such as the effective user and group IDs, with
       which the process runs when started by a privileged command
       interpreter. The profile shells are pfcsh, pfksh, and pfexec. See the
       pfexec(1) man page. Profiles can contain other profiles defined in
       prof_attr(4).

       Multiple profiles can be combined to construct the appropriate access
       control. When profiles are assigned, the authorizations are added to
       the existing set. If the same command appears in multiple profiles,
       the first occurrence, as determined by the ordering of the profiles,
       is used for process-attribute settings. For convenience, a wild card
       can be specified to match all commands.

       When profiles are interpreted, the profile list is loaded from
       user_attr(4). If any default profile is defined in
       /etc/security/policy.conf (see policy.conf(4)), the list of default
       profiles are added to the list loaded from user_attr(4). Matching
       entries in prof_attr(4) provide the authorizations list, and matching
       entries in exec_attr(4) provide the commands list.

OPTIONS
       The following options are supported:

       -l     Lists the commands in each profile followed by the special
              process attributes such as user and group IDs.

EXAMPLES
       Example 1: Sample Output

       The output of the profiles command has the following form:

              example% profiles tester01 tester02
              tester01 : Audit Management, All Commands
              tester02 : Device Management, All Commands
              example%

       Example 2: Using the list Option

              example% profiles -l tester01 tester02
              tester01 :
                Audit Management:
                  /usr/sbin/audit          euid=root
                  /usr/sbin/auditconfig    euid=root    egid=sys
                All Commands:
                  *
              tester02 :
                Device Management:
                  /usr/bin/allocate:       euid=root
                  /usr/bin/deallocate:     euid=root
                All Commands
                  *
              example%

EXIT STATUS
       The following exit values are returned:

       0      Successful completion.

       1      An error occurred.

FILES
       /etc/security/exec_attr
       /etc/security/prof_attr
       /etc/user_attr
       /etc/security/policy.conf

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWcsu                      |
       +-----------------------------+-----------------------------+

SEE ALSO
       auths(1), pfexec(1), roles(1), getprofattr(3SECDB), exec_attr(4),
       policy.conf(4), prof_attr(4), user_attr(4), attributes(5)

                                  11 Feb 2000                      profiles(1)
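
Added example (not part of the original thread or of the man page): a Python model of the lookup order that profiles(1) describes above, run over constructed copies of the databases. The `shut` prof_attr and exec_attr entries are the ones quoted in the post; the user_attr lines, the `oper` role, the `shut-auth` profile, the policy.conf value and the placement of nested profiles are assumptions made for illustration.

```python
# Added example: models the profile lookup order described in profiles(1).
# Every database below is a constructed sample, not a real system file.
USER_ATTR = """\
adminusr::::type=role;profiles=shut
neil::::type=normal;roles=adminusr
oper::::type=role;profiles=shut-auth
"""
PROF_ATTR = """\
shut:::Shut down the system:
shut-auth:::Hypothetical variant:auths=solaris.system.shutdown;profiles=shut
"""
EXEC_ATTR = """\
shut-auth:suser:cmd:::/usr/sbin/shutdown:euid=0
shut:suser:cmd:::/usr/sbin/shutdown:uid=0
"""
POLICY_CONF = "PROFS_GRANTED=Basic Solaris User\n"

def _csv(value):
    return [x for x in (value or "").split(",") if x]

def _attrs(field):
    """Split a 'key=value;key=value' attribute field into a dict."""
    return dict(kv.split("=", 1) for kv in field.split(";") if "=" in kv)

def _table(text, nfields):
    """Parse colon-delimited records, skipping comments and short lines."""
    rows = (l.split(":", nfields - 1) for l in text.splitlines() if not l.startswith("#"))
    return [r for r in rows if len(r) == nfields]

def resolve(name):
    """Return (profiles, auths, commands) for a user or role name."""
    users = {r[0]: _attrs(r[4]) for r in _table(USER_ATTR, 5)}
    profs = {r[0]: _attrs(r[4]) for r in _table(PROF_ATTR, 5)}
    policy = dict(l.split("=", 1) for l in POLICY_CONF.splitlines() if "=" in l)
    # user_attr profiles first, then the policy.conf defaults
    queue = _csv(users.get(name, {}).get("profiles")) + _csv(policy.get("PROFS_GRANTED"))
    ordered, auths, cmds = [], [], {}
    while queue:
        prof = queue.pop(0)
        if prof in ordered:
            continue
        ordered.append(prof)
        attr = profs.get(prof, {})
        auths += [a for a in _csv(attr.get("auths")) if a not in auths]
        queue[0:0] = _csv(attr.get("profiles"))  # assumption: nested profiles follow parent
        for row in _table(EXEC_ATTR, 7):
            if row[0] == prof:
                cmds.setdefault(row[5], row[6])  # first occurrence wins
    return ordered, auths, cmds
```

For `adminusr` the authorization list comes back empty while the command list still carries `/usr/sbin/shutdown` with `uid=0`; `neil` resolves to the default profile only, because the `shut` profile is attached to the role rather than to the user.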