08-07-2017
The usermod assigns a role to a user, the rolemod command creates and modifies roles. I would use existing roles to start with and assign them to a user. Basic security (groups, etc.) should be used for file access because software you buy and load expects this, e.g. databases, math software.
Try:
Role-Based Access Control (Overview) - Oracle Solaris Administration: Security Services
RBAC is meant for creating profiles for users like system operators who have to be able to run backups, restore disks, fix printer problems, etc. It is great for that purpose. IMO, messing around with general users and RBAC causes problems that do not need to happen. If you need elevated security you need to be on a trusted version of the OS for starters.
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hello friends,
This query is with regards to a script (pl/sql) which returns multiple values.
Please see below script wherein the query returns a single value and is assigned to a single variable
DB_VALID_CDR=`sqlplus -s user/pass<<!EOF | grep -v "^Connected" 2>&1
set termout off echo... (2 Replies)
Discussion started by: vivek_damodaran
2 Replies
2. Solaris
I have an issue with integration between Microsoft LDAP users and RBAC roles defined in a Solaris box.
to explain more , i managed to integrate Microsoft Active Directory user loggings to Solaris boxes. I've done it to centralize user repo. and instead of creating admin accounts on more than... (9 Replies)
Discussion started by: mduweik
9 Replies
3. Shell Programming and Scripting
hi
I have two tables in oracle DB and am using a joining query which will result in the output as follows.
i need to assign it to a two dimensional array and use it for my further calculations.
the way i tried is as follows.
#!/bin/ksh
export... (1 Reply)
Discussion started by: aemunathan
1 Replies
4. UNIX for Dummies Questions & Answers
I have 2 physical interfaces (bnx0 and bnx1) aggregated into aggr1. I need to assign second IP, and normally I know how to do it to physical interface (i.e. bnx0:1) however same trick (aggr1:1) is not working. Is there any way to do it? (0 Replies)
Discussion started by: bratan
0 Replies
5. Shell Programming and Scripting
Hi Folks,
I am trying to make a script to assign all diskspace to slice 0, on multiple sized disks. Since the disks are new they may need to be labelled also to avoid the error: Cannot get disk geometry
Below is my code struggling with logic which doesn't seem to be producing the desired... (0 Replies)
Discussion started by: momin
0 Replies
6. Shell Programming and Scripting
background : Solaris, ksh
metresult="ooo
> pp"
ts=89
eval append_${ts}="$metresult"
bash: pp: command not found
I want to create a variable which has in a part of its name a dynamically-established number (stored in another variable) usually I do this with eval command. The problem I... (5 Replies)
Discussion started by: black_fender
5 Replies
7. Shell Programming and Scripting
Hi all,
I have a big file (n.txt) with following pattern:
ATOM 1 N SER A 1 122.392 152.261 138.190 1.00 0.00 N
ATOM 2 CA SER A 1 122.726 151.241 139.183 1.00 0.00 C
TER
ENDMDL
ATOM 1 N SER A 1 114.207 142.287 135.439 1.00 0.00 ... (3 Replies)
Discussion started by: bioinfo
3 Replies
8. UNIX and Linux Applications
I have these two table. How do I see if user roles and system roles are seperated?
SQL> desc DBA_ROLES;
Name Null? Type
----------------------------------------- -------- ----------------------------
ROLE NOT NULL... (1 Reply)
Discussion started by: alvinoo
1 Replies
9. Shell Programming and Scripting
The file1 contains mistakes and looks like
1 No one have never become rich by giving.
Anne Dickens
2 No one is worthless in this globe who lightens the weights of other.
Charles_Dickens
file2 contains the correction of words and looks like
rich poor
have has
never ever... (3 Replies)
Discussion started by: sammy777888
3 Replies
10. Shell Programming and Scripting
Hi,
I need a help on my requirement that
eg: NEED="TEST=Name WORK=Ps DEL=let"
Here the definition can be n number, could anybody have an idea to get the output as,
TEST=Name
WORK=Ps
DEL=let
..
..
till the 'n' definitions listed.
Any suggestions please.....
Regards,
ricky (6 Replies)
Discussion started by: ricky-row
6 Replies
LEARN ABOUT OPENSOLARIS
roles
roles(1) User Commands roles(1)
NAME
roles - print roles granted to a user
SYNOPSIS
roles [ user ]...
DESCRIPTION
The command roles prints on standard output the roles that you or the optionally-specified user have been granted. Roles are special
accounts that correspond to a functional responsibility rather than to an actual person (referred to as a normal user).
Each user may have zero or more roles. Roles have most of the attributes of normal users and are identified like normal users in passwd(4)
and shadow(4). Each role must have an entry in the user_attr(4) file that identifies it as a role. Roles can have their own authorizations
and profiles. See auths(1) and profiles(1).
Roles are not allowed to log into a system as a primary user. Instead, a user must log in as him-- or herself and assume the role. The
actions of a role are attributable to the normal user. When auditing is enabled, the audited events of the role contain the audit ID of the
original user who assumed the role.
A role may not assume itself or any other role. Roles are not hierarchical. However, rights profiles (see prof_attr(4)) are hierarchical
and can be used to achieve the same effect as hierarchical roles.
Roles must have valid passwords and one of the shells that interprets profiles: either pfcsh, pfksh, or pfsh. See pfexec(1).
Role assumption may be performed using su(1M), rlogin(1), or some other service that supports the PAM_RUSER variable. Successful assumption
requires knowledge of the role's password and membership in the role. Role assignments are specified in user_attr(4).
EXAMPLES
Example 1 Sample output
The output of the roles command has the following form:
example% roles tester01 tester02tester01 : admin
tester02 : secadmin, root
example%
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error occurred.
FILES
/etc/user_attr
/etc/security/auth_attr
/etc/security/prof_attr
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO
auths(1), pfexec(1), profiles(1), rlogin(1), su(1M), getauusernam(3BSM), auth_attr(4), passwd(4), prof_attr(4), shadow(4), user_attr(4),
attributes(5)
SunOS 5.11 14 Feb 2001 roles(1)