
RBAC in Solaris Systems

RBAC is role assignment for users. In other words, it is the Solaris equivalent of su in Linux.


Create a user "singh" with a profile shell and "Limited" profile:
/etc/passwd
singh:x:101:1::/export/home/singh:/usr/bin/pfsh
/etc/user_attr
singh::::type=normal;profiles=Limited
Create the "Limited" profile:
/etc/security/prof_attr
Limited:::only can run some limited commands:
/etc/security/exec_attr
Limited:suser:cmd:::/export/home/singh/bin/Address:uid=0
Create an example script:
# vi /export/home/singh/bin/Address
#!/bin/sh
/usr/sbin/ifconfig -a
:wq! 
Remove default auths and profile from all users. Note – this is required so that the singh user doesn’t get the “Basic Solaris User” profile, which allows all user level binaries to be run. This however
As root, check the auths and profiles of the singh user:
# auths singh
auths: singh : No authorizations
# profiles singh
 Limited
# profiles -l singh
 Limited:
 /export/home/singh/bin/Address    uid=0
As the singh user, run the Address command:
# su singh
# /export/home/singh/bin/Address
lo0:      <=== works as required
# ls
ls: not found   <=== as expected - singh user is limited
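
A command granted uid=0 through exec_attr is only as restricted as the file at that path, so a path inside the user's own home directory deserves a check of ownership and write permissions. The script below is an added example, not part of the original post: it reads passwd, user_attr and exec_attr style files and lists what each user may run, marking root-run commands located under that user's home. The function names, the demo user and the NetView profile are assumptions made for illustration.

```shell
# Print the profiles assigned to user $1 in user_attr-format file $2, one per line.
profiles_for_user() {
    awk -F: -v u="$1" '$1 == u {
        n = split($5, kv, ";")
        for (i = 1; i <= n; i++) if (kv[i] ~ /^profiles=/) {
            sub(/^profiles=/, "", kv[i])
            m = split(kv[i], p, ",")
            for (j = 1; j <= m; j++) print p[j]
        }
    }' "$2"
}

# Print "path attrs" for each cmd entry of profile $1 in exec_attr-format file $2.
exec_for_profile() {
    awk -F: -v p="$1" '$1 == p && $3 == "cmd" { print $6, $7 }' "$2"
}

# audit_user USER PASSWD USER_ATTR EXEC_ATTR
# One line per command the user may run. REVIEW marks a command that runs with
# uid=0/euid=0 from inside the user's own home directory (path-based heuristic).
audit_user() {
    home=$(awk -F: -v u="$1" '$1 == u { print $6 }' "$2")
    [ -n "$home" ] || return 1          # unknown user
    profiles_for_user "$1" "$3" | while read -r prof; do
        exec_for_profile "$prof" "$4" | while read -r path attrs; do
            verdict=OK
            case ";$attrs;" in *";uid=0;"*|*";euid=0;"*)
                case "$path" in "$home"/*) verdict=REVIEW ;; esac ;;
            esac
            echo "$verdict $prof $path $attrs"
        done
    done
}

# Constructed sample files. singh/Limited mirror the page; demo/NetView are
# hypothetical and grant a system binary outside any home directory.
make_sample() {
    printf '%s\n' 'singh:x:101:1::/export/home/singh:/usr/bin/pfsh' \
        'demo:x:102:1::/export/home/demo:/usr/bin/pfsh' > "$1/passwd"
    printf '%s\n' 'singh::::type=normal;profiles=Limited' \
        'demo::::type=normal;profiles=NetView' > "$1/user_attr"
    printf '%s\n' 'Limited:suser:cmd:::/export/home/singh/bin/Address:uid=0' \
        'NetView:suser:cmd:::/usr/sbin/ifconfig:uid=0' > "$1/exec_attr"
}

d=$(mktemp -d) && make_sample "$d"
for u in singh demo; do audit_user "$u" "$d/passwd" "$d/user_attr" "$d/exec_attr"; done
rm -rf "$d"
```

On a live system, point audit_user at /etc/passwd, /etc/user_attr and /etc/security/exec_attr, then follow up each REVIEW line with ls -ld on the file and its parent directories.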
