10 More Discussions You Might Find Interesting
1. Linux
When unlocking a Linux server's console there's no event indicating successful logging
Is there a way I can fix this ?
I have the following in my rsyslog.conf
auth.info /var/log/secure
authpriv.info /var/log/secure (1 Reply)
Discussion started by: walterthered
1 Replies
2. AIX
Hi all,
i have a little problem...
I have a Trusted AIX v. 6.1 installed on my system p.
I can't disable RBAC mode...
$ lsattr -El sys0 -a enhanced_RBAC
enhanced_RBAC true Enhanced RBAC Mode True
$ chdev -l sys0 -a enhanced_RBAC=false
Method error (/usr/lib/methods/chggen):
0514-018... (3 Replies)
Discussion started by: Zio Bill
3 Replies
3. Solaris
I'm trying to set up RBAC, and I need to know where the logs for RBAC are.
I'm using Solaris 10 as my OS.
I've been reading a lot of documents online and just can't seem to find where the related logs are.
My problem is I need to be able to track a user when they su to a role profile, and... (2 Replies)
Discussion started by: bitlord
2 Replies
4. HP-UX
hi every one i tried rbac and i made
1- role called GizaRoot
2- group called gizagroup
3- added privlage autherization called "m.k"
/usr/sbin/useradd:dflt:(m.k,*):0/0//:dflt:dflt:dflt:
i assigned the role to group and add user to that group then su to user and tried to use the command ... (0 Replies)
Discussion started by: maxim42
0 Replies
5. Solaris
Hi all!
On backup server with contab my script worked, but one command don't fine to be executed:
bash-3.00$ scp itadmin@172.17.0.44:/export/backups/* /bckp1/opencms/bcp_`date +%Y%m%d`/
www-zone.cfg 100%... (0 Replies)
Discussion started by: sotich82
0 Replies
6. UNIX for Dummies Questions & Answers
Can anyone help me on "How to change Unix to support RBAC policy"? (4 Replies)
Discussion started by: JPoroo
4 Replies
7. AIX
I would like to use the Role Based access control to granulize some of the administration of AIX systems in our organization. Across the company we will be using aix 5.3. One of these roles will only have the access to make, change and delete users, something similar to ManageAllUsers. The thing... (1 Reply)
Discussion started by: dgaixsysadm
1 Replies
8. Shell Programming and Scripting
what would be easier to automate a script if/then ? (0 Replies)
Discussion started by: deaconf19
0 Replies
9. Solaris
do i have to create a new account to add a role?
i want the sysadmin login
i have 3 users on my systems
sysadmin
secman
oc01
also 3 profiles
SA (goes t0 sysadmin account)
SSO (goes to secman account)
LMICS (goes to oc01 account)
the user accounts are located in /h/USERS/local
the... (4 Replies)
Discussion started by: deaconf19
4 Replies
10. Solaris
I am trying to let user asillitoe su to the godbrook role to execute commands. I have editted files as follows:
user_attr:
asillito::::type=normal;roles=godbrook
godbrook::::type=role;profiles=Gadbrook,All
prof_attr:
Gadbrook:::Allow root commands to be used by godbrook:
exec_attr:... (0 Replies)
Discussion started by: chrisdberry
0 Replies
LEARN ABOUT HPUX
acps.conf
acps.conf(4) Kernel Interfaces Manual acps.conf(4)
NAME
acps.conf - configuration file for the Access Control Policy Switch (ACPS)
SYNOPSIS
DESCRIPTION
The ACPS configuration file controls which modules are consulted for making an access control decision, the order in which the modules are
consulted, and the rules for combining their responses to return a result back to the application.
Syntax and Default Behavior
The file consists of one or more entries in the following format:
Whitespace in these entries is combined into a single blank (" ") character and removed from the beginning and end of each field. If mul-
tiple flags are specified, they should be separated with a comma character.
The individual parameters are defined as follows:
The label provides a human-readable name for the module entry.
The module name identifies the actual shared library to load to effect
the authorization decision. The module name is specified without a path or a suffix (for example, both of which are
assumed from the architecture.
The arguments are defined by the module (that is, module dependent) and are
used to provide additional configuration flexibility.
The field is used to modify the switch's behavior in interpreting the results of the module. See for more details and
possible values for this field.
The order of the entries in the acps.conf file denote the order in which the modules should be called to perform the access check. Each
entry is called in turn until an "authoritative result code" is returned. In the currently defined result code, everything except is
authoritative. Once an authoritative result code is returned by a decision provider module, the code is returned immediately to the appli-
cation. If is returned, the module is ignored and the next module is referenced.
is returned to the application if no module returns an authoritative result.
Entry Flags
In some cases, the default rules for ordering access requests and combining results do not behave as expected for a particular decision
provider module. In this case, it is possible to affect the processing of the ACPS by specifying one or more of the pre-defined flags. If
you specify multiple flags, you should separate them with a comma character.
There is currently only one flag recognized by the switch. The following flag may be specified on a per-module basis:
Short for 'non-authoritative', this flag is used for policy modules that always return
authoritative responses, even when they should not. Specifically, modifies the processing of the entry such that a return
of The effect of this is that multiple modules may be stacked with this flag, such that if any module returns then the
switch returns
EXAMPLES
The following is an example configuration file. Lines that begin with the symbol are treated as comments, and therefore ignored.
# First, attempt to satisfy access request using custom
# module, (e.g. granting all users access to a particular
# object foo, but only between 9am - 5pm). The custom
# module verifies the time and that the object matches
# the specified argument. (In this case, "foo".) If this
# module returns ACPS_DENY, keep going to the next entry
# rather than just returning deny to the application.
HP-UX RBAC : libacpm_timebased : foo : NONATTV
# If custom rule does not match, use default local RBAC
# rule processing
HP-UX RBAC : libacpm_hpux_rbac : :
SEE ALSO
acps(3), acps_api(3), acps_spi(3).
acps.conf(4)