11-05-2011
RBAC with aix5.3
Hi admins,
I want to distribute some root privileges to non-root accounts.Like user john should handle only LVM activities.User San should handle all user level activities etc.
i was searching for rbac features and found some are with 5.3
Here we can create new role but no new authorizations.
Please let me know how to create new role to perform LVM activities .
Regards
newaix
9 More Discussions You Might Find Interesting
1. Cybersecurity
I run a HP-9000 system with HP-UX version 11.0 and Informix-4GL version 7.2. I run this system for the military. There was a security issue where only a select few could have the UID of "0". One of those individuals is me (I am the SA). My question is how can i setup my personnel to be able to... (2 Replies)
Discussion started by: JackieRyan26
2 Replies
2. UNIX for Dummies Questions & Answers
How do you determine which users have permission to use root priviledges? (4 Replies)
Discussion started by: Ben070371
4 Replies
3. Post Here to Contact Site Administrators and Moderators
hi
how to disable the useraccount in aix (should not remove). (1 Reply)
Discussion started by: chomca
1 Replies
4. UNIX for Dummies Questions & Answers
Thanks
AVKlinux (3 Replies)
Discussion started by: avklinux
3 Replies
5. Cybersecurity
Please help me identify these user accounts..
bin, lp, nuucp, smbnull, mysql, tftp
Can we remove these user or disable these users?We have to apply the security policy about the user identification.Since it was settup by our vendor long time ago. We do not have these informations about these... (3 Replies)
Discussion started by: rdstkg
3 Replies
6. Red Hat
Hi All,
I want to know is there any way where if i add a user in a centos machine the can be replicated to another centos automatically.
As i have setup DRBD with heartbeat for apache webserver everything is working fine but the only thing im stuck in is about system account for ftp.
Can any... (3 Replies)
Discussion started by: search4u2003
3 Replies
7. Solaris
I want create user. That user should be login to any server without asking password. How? tell me in detail.
:wall: (3 Replies)
Discussion started by: Navkreddy
3 Replies
8. UNIX for Dummies Questions & Answers
Hi - I want to log commands typed by oraapps user with time into some log file on runtime.
HISTTIMEFORMAT="%d/%m/%y %T " works but any one with oraapps user can delete the history.
OS : RHEl 5.6
Any help is appreciated. (5 Replies)
Discussion started by: oraclermanpt
5 Replies
9. HP-UX
I need to check actual date a user was disabled on my HP-UX server.
Audit is claiming the user account was active during the last audit exercise. (7 Replies)
Discussion started by: cyriac_N
7 Replies
roles(1) User Commands roles(1)
NAME
roles - print roles granted to a user
SYNOPSIS
roles [ user ...]
DESCRIPTION
The command roles prints on standard output the roles that you or the optionally-specified user have been granted. Roles are special
accounts that correspond to a functional responsibility rather than to an actual person (referred to as a normal user).
Each user may have zero or more roles. Roles have most of the attributes of normal users and are identified like normal users in passwd(4)
and shadow(4). Each role must have an entry in the user_attr(4) file that identifies it as a role. Roles can have their own authorizations
and profiles. See auths(1) and profiles(1).
Roles are not allowed to log into a system as a primary user. Instead, a user must log in as him-- or herself and assume the role. The
actions of a role are attributable to the normal user. When auditing is enabled, the audited events of the role contain the audit ID of the
original user who assumed the role.
A role may not assume itself or any other role. Roles are not hierarchical. However, rights profiles (see prof_attr(4)) are hierarchical
and can be used to achieve the same effect as hierarchical roles.
Roles must have valid passwords and one of the shells that interprets profiles: either pfcsh, pfksh, or pfsh. See pfexec(1).
Role assumption may be performed using su(1M), rlogin(1), or some other service that supports the PAM_RUSER variable. Successful assumption
requires knowledge of the role's password and membership in the role. Role assignments are specified in user_attr(4).
EXAMPLES
Example 1: Sample output
The output of the roles command has the following form:
example% roles tester01 tester02
tester01 : admin
tester02 : secadmin, root
example%
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error occurred.
FILES
/etc/user_attr
/etc/security/auth_attr
/etc/security/prof_attr
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO
auths(1), pfexec(1), profiles(1), rlogin(1), su(1M), getauusernam(3BSM), auth_attr(4), passwd(4), prof_attr(4), shadow(4), user_attr(4),
attributes(5)
SunOS 5.10 14 Feb 2001 roles(1)