Chap10 Configuring Role-Based Access Control

The document outlines the fundamentals of Role-Based Access Control (RBAC), detailing the roles, rights profiles, and authorizations that can be assigned to users. It describes the RBAC databases and provides a step-by-step guide for managing RBAC through command line operations, including creating users and roles, and assigning permissions. Additionally, it includes examples of commands for verifying roles and executing privileged operations.

Uploaded by

Ram

Configuring Role-Based Access Control

AITA\SWBU\SOLARIS\08 1
Introducing RBAC Fundamentals

• In systems implementing RBAC, individual users can be assigned to roles, such as system administrators, network administrators or operators.
• The users, roles, profiles and privileged commands are defined in four databases.

• Roles
  • A special identity for running privileged applications or commands that can be assumed by assigned users only.
• Rights Profiles
  • A collection of privileges that can be assigned to a role or user (Primary Administrator, System Administrator, Printer Management, etc.).
• Authorizations
  • A permission that you can assign to a role or to a user.

Profile Shells

• A profile shell is a special type of shell that enables access to the privileged applications that are assigned to the profile.
• The profile shells are pfsh, pfksh, and pfcsh.

RBAC Databases

• “/etc/user_attr”
  • Associates users and roles with authorizations and rights profiles.
• “/etc/security/prof_attr”
  • Defines profiles, lists each profile’s assigned authorizations, and identifies the associated help file.
• “/etc/security/exec_attr”
  • Defines the privileged operations assigned to a profile.
• “/etc/security/auth_attr”
  • Defines authorizations and their attributes.

Fundamentals of Managing RBAC

1. Build the user accounts that will be assigned the RBAC rights (not required if using the existing users).
2. Build the rights profile needed to support the superuser access requirements.
3. Build the role that will provide access to the rights profiles for designated users.

Managing RBAC using the Command Line

• “roleadd” - Adds a role account on the system
• “rolemod” - Modifies a role’s login information
• “useradd” - Adds a user account on the system

Creating a User and a Role

• Create a role named “sdown”.
  • “# roleadd -u 5000 -g 10 -m -d /export/home/sdown sdown”
  • “# passwd sdown”
• Create the profile named Shut.
  • “# vi /etc/security/prof_attr”
  • Add the entry “Shut:::Able to Shutdown the system:”
• Add the profile to the role.
  • “# rolemod -P Shut,All sdown”

• Verify that the role is included in the “/etc/user_attr” file.
  • “# more /etc/user_attr”
• Create a user named user10 and assign it access to the “sdown” role.
  • “# useradd -u 4009 -g 10 -m -d /export/home/user10 -s /bin/ksh -R sdown user10”
  • “# passwd user10”
• Check the role attributes for user10.
  • “# grep user10 /etc/user_attr”

• Assign the “shutdown” command to the profile.
  • “# vi /etc/security/exec_attr”
  • Add the entry “Shut:suser:cmd:::/usr/sbin/shutdown:uid=0”
• Log in as user10.
• From that login, try to shut down the system.
  • “$ /usr/sbin/shutdown -i 6 -g 0”
  • This displays an error message, because user10 has not yet assumed the “sdown” role.
• Determine which RBAC profiles are associated with user10.
  • “$ profiles”

• Determine which roles are associated with user10.
  • “$ roles”
• Assume the role “sdown”.
  • “$ su sdown”
• Shut down the system by using the “init” command.
  • “$ /usr/sbin/init 0”
  • This displays an error message, because “init” is not among the commands assigned to the Shut profile.

• List the commands that the “sdown” role can execute.
  • “$ profiles -l”
• Shut down the system using the “shutdown” command.
  • “$ /usr/sbin/shutdown -i 6 -g 0”
  • This asks for confirmation.

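As an added example (not part of the original slides), the Python code below resolves the user, role, profile and command chain recorded in “/etc/user_attr” and “/etc/security/exec_attr” for the walkthrough above. The file contents are constructed: the exec_attr entry is the one shown on the slides, the two user_attr lines are an assumption about what roleadd, rolemod and useradd write, and all function names are hypothetical.

```python
# Added example: the file contents below are constructed from this page's
# entries; the two user_attr lines are assumed, not copied from a real host.
USER_ATTR = """\
sdown::::type=role;profiles=Shut,All
user10::::type=normal;roles=sdown
"""
EXEC_ATTR = """\
Shut:suser:cmd:::/usr/sbin/shutdown:uid=0
"""

def _records(text, nfields):
    """Yield colon-split records, skipping comments and malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rec = line.split(":", nfields - 1)
            if len(rec) == nfields:
                yield rec

def _attrs(field):
    """Parse 'k=v;k=v' into a dict whose values are comma-split lists."""
    out = {}
    for pair in filter(None, field.split(";")):
        key, _, value = pair.partition("=")
        out[key] = value.split(",")
    return out

def parse_user_attr(text):
    # Fields: user:qualifier:res1:res2:attr
    return {rec[0]: _attrs(rec[4]) for rec in _records(text, 5)}

def parse_exec_attr(text):
    # Fields: name:policy:type:res1:res2:id:attr
    table = {}
    for rec in _records(text, 7):
        table.setdefault(rec[0], []).append((rec[5], rec[6]))
    return table

def privileged_commands(user, users, execs, via_roles=True):
    """Commands with security attributes that `user` can reach. Profiles
    assigned directly always count; role profiles only when via_roles."""
    entry = users.get(user, {})
    profiles = list(entry.get("profiles", []))
    if via_roles:
        for role in entry.get("roles", []):
            profiles += users.get(role, {}).get("profiles", [])
    return sorted({(cmd, attr) for p in profiles
                   for cmd, attr in execs.get(p, []) if attr})
```

With `via_roles=False` the result for user10 is empty, which matches the failed shutdown before the role is assumed; “/usr/sbin/init” never appears because exec_attr has no entry for it.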