LinuxQuestions.org


dellroxy 10-13-2008 05:00 AM

if you want to assign some tasks to specific user
 
Dears.

To assign rights to a specific user in Solaris:

Role-based access control (RBAC) is an alternative to the all-or-nothing superuser model. RBAC uses the security principle of least privilege. No user should be given more privilege than necessary for performing the user's job. RBAC makes it possible for an organization to separate superusers' capabilities and assign these capabilities to specific users or to special user accounts that are called roles. Roles can be assigned to specific individuals, according to their job needs.

You already have a user in your system named dell.
You want to assign some administration tasks to dell.

1) You must make a profile; in this example the profile is named useradmin.
# vi /etc/security/prof_attr
Then you will write at the end of the file:

useradmin::::
==========================================================
Then in the file /etc/security/exec_attr you will assign the commands that you want this user (dell) to run:

/etc/security/exec_attr

useradmin:suser:cmd:::/usr/sbin/useradd:uid=0
useradmin:suser:cmd:::/usr/sbin/userdel:uid=0
useradmin:suser:cmd:::/usr/sbin/usermod:uid=0
useradmin:suser:cmd:::/usr/sbin/groupadd:uid=0
useradmin:suser:cmd:::/usr/sbin/groupdel:uid=0
useradmin:suser:cmd:::/usr/sbin/groupmod:uid=0
==========================================================
When you add a role it is like useradd: you will find the role name in /etc/passwd.


Create role:-
**************
# roleadd -c "User Administration" -g "Primary Group" -md /export/home/username -s /usr/bin/pfksh -P "useradmin" username

-c if you want to add a comment
-g if you want to add this role to a primary group
-md to create the home directory for the role (it is like the useradd home directory for the user)
-s to assign the shell for the user (this is like the ksh we use, but it is special for this command because it checks the rights you have given to the user)
-P capital P to assign the profile


# passwd username
# usermod -R username dell
-R to assign the role to an existing user

I hope this explanation helps you.
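
An added example, not part of the original post: a shell/awk check that uses the exec_attr and prof_attr field layouts shown in the post to list the commands a profile runs as root and to flag profile names used in exec_attr but missing from prof_attr. The function names and the sample files (including the deliberately mismatched profile name) are constructed for illustration.

```shell
#!/bin/sh
# exec_attr fields: name:policy:type:res1:res2:id:attr
# prof_attr fields: name:res1:res2:desc:attr

# List the commands a profile runs with uid or euid 0 (number or name "root").
# $1 = profile name, $2 = exec_attr-format file
root_cmds() {
    awk -F: -v prof="$1" '
        /^[ \t]*#/ || NF < 7 { next }   # skip comments and short lines
        $1 == prof && $3 == "cmd" && $7 ~ /(^|;)e?uid=(0|root)(;|$)/ { print $6 }
    ' "$2"
}

# List profile names used in exec_attr that have no prof_attr entry.
# $1 = prof_attr-format file, $2 = exec_attr-format file
undefined_profiles() {
    awk -F: '
        /^[ \t]*#/ || $1 == "" { next }
        FILENAME == ARGV[1] { defined[$1] = 1; next }   # first file: prof_attr
        !($1 in defined) && !seen[$1]++ { print $1 }
    ' "$1" "$2"
}

# Constructed sample files (not copies of real system files).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/prof_attr" <<'EOF'
useradmin::::
EOF
cat > "$tmp/exec_attr" <<'EOF'
useradmin:suser:cmd:::/usr/sbin/useradd:uid=0
useradmin:suser:cmd:::/usr/sbin/usermod:uid=0
useradmin:suser:cmd:::/usr/bin/ls:
useracc:suser:cmd:::/usr/sbin/groupadd:uid=0
EOF

echo "Commands useradmin runs as root:"
root_cmds useradmin "$tmp/exec_attr"
echo "Profiles used in exec_attr but missing from prof_attr:"
undefined_profiles "$tmp/prof_attr" "$tmp/exec_attr"
```

On a real system the two file arguments would be /etc/security/prof_attr and /etc/security/exec_attr.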

jlliagre 10-13-2008 06:23 AM

Quote:

Originally Posted by dellroxy (Post 3308542)
-c if you want to add command

That should be comment, not command.

Quote:

-g if you want to add this role to primary command

That should be group, not command.

Quote:

-s to assign bash for user (this is like shell we use but it is special for this command because it is check the rights you given to the user)

Not bash but ksh. There is no RBAC-aware bash available.

Quote:

if you need more than this help contact me direct with my email

Why are you asking for offline follow-up instead of sharing with everyone?

dellroxy 10-14-2008 09:47 AM

Thanks, jlliagre, for your effort helping me to correct the written mistakes in my thread.

And as for the offline follow-up, I didn't mean this at all.

I hope that my article is good.


All times are GMT -5.