Wednesday, September 30, 2009

RBAC - Role Based Access Control

Creating a profile similar to Root's profile:

Here, Profile name: complete
List of commands added: Creating a profile with all root privileges

Step-1: Adding/Creating a profile by editing the file.
# vi /etc/security/prof_attr
complete:::This is to test the duplication of root profile

Here,
1 = Name of the profile (complete)
2 = Comment about the profile (Optional): "This is to test the duplication of root profile"



Step-2: Mapping the list of commands to the created profile
# vi /etc/security/exec_attr
complete:suser:cmd:::*:uid=0

Step-3: Mapping the user to the profile
# useradd -m -d /export/home/aita -s /usr/bin/pfsh -P complete aita


Output:

bash-3.00# su - aita
sunfire1# echo $USER
root
sunfire1# roles
No roles
sunfire1# profiles
Web Console Management
All
Basic Solaris User
sunfire1# profiles -l | more

Web Console Management:
/usr/share/webconsole/private/bin/smcwebstart uid=noaccess,
gid=noaccess,
privs=proc_audit
All:
*


Note:
1. The output of the commands
# profiles
# profiles -l
will be similar for the root user.

2. From the above output, we can also observe the change in the user's shell prompt. Normally the prompt for a user is $, but since all the privileges are given to the user, the prompt is #
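
An entry like the one in Step-2 gives every account holding the profile all root privileges, so it helps to be able to find such entries and the users mapped to them. The script below is an added example, not part of the original post; the function name audit_root_equiv, the user bob and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report RBAC profiles that run every command as uid 0, and the
# users assigned to them. Nested profiles (profs=) and roles are not followed.

# audit_root_equiv EXEC_ATTR USER_ATTR -> "PROFILE <name>" / "USER <user> <profile>"
audit_root_equiv() {
    awk -F: '
        function grants_root(attr,    a, n, i) {
            n = split(attr, a, ";")
            for (i = 1; i <= n; i++)
                if (a[i] == "uid=0" || a[i] == "euid=0") return 1
            return 0
        }
        /^#/ || /^[ \t]*$/ { next }
        # First file, exec_attr: name:policy:type:res1:res2:id:attr
        NR == FNR {
            if (NF >= 7 && $3 == "cmd" && $6 == "*" && grants_root($7) && !($1 in bad)) {
                bad[$1] = 1
                print "PROFILE " $1
            }
            next
        }
        # Second file, user_attr: user:qualifier:res1:res2:attr
        NF >= 5 {
            n = split($5, kv, ";")
            for (i = 1; i <= n; i++) {
                if (kv[i] !~ /^profiles=/) continue
                m = split(substr(kv[i], 10), plist, ",")
                for (j = 1; j <= m; j++)
                    if (plist[j] in bad) print "USER " $1 " " plist[j]
            }
        }
    ' "$1" "$2"
}

# Constructed sample files; the first exec_attr line is the entry from Step-2.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/exec_attr" <<'EOF'
complete:suser:cmd:::*:uid=0
All:suser:cmd:::*:
Web Console Management:suser:cmd:::/usr/share/webconsole/private/bin/smcwebstart:uid=noaccess;gid=noaccess;privs=proc_audit
EOF
cat > "$SAMPLE_DIR/user_attr" <<'EOF'
aita::::type=normal;profiles=complete
bob::::type=normal;profiles=Basic Solaris User,All
EOF
audit_root_equiv "$SAMPLE_DIR/exec_attr" "$SAMPLE_DIR/user_attr"
```

On a live system the two arguments would be /etc/security/exec_attr and /etc/user_attr. The stock Solaris /usr/bin/awk does not support user-defined functions, so use nawk there.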
