LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > Solaris / OpenSolaris
User Name
Password
Solaris / OpenSolaris This forum is for the discussion of Solaris and OpenSolaris.
General Sun, SunOS and Sparc related questions also go here.

Notices

Reply
 
Search this Thread
Old 10-13-2008, 05:00 AM   #1
dellroxy
Member
 
Registered: Jun 2008
Posts: 31

Rep: Reputation: 15
if you want to assign some tasks to specific user


Dears.

To assign the rights to specific User In Solaris

Role-based access control (RBAC) is an alternative to the all-or-nothing superuser model. RBAC uses the security principle of least privilege. No user should be given more privilege than necessary for performing the user's job. RBAC makes it possible for an organization to separate superusers' capabilities and assign these capabilities to specific users or to special user accounts that are called roles. Roles can be assigned to specific individuals, according to their job needs

you have already user in your system named dell
you want to assign some administration tasks to del to do

1) you must make profile in this example the profile named is useradmin
# vi /etc/security/prof_attr
then you will write at the end of the file

useradmin::::
==========================================================
then at this file /etc/security/exec_attr you will assign the command what you want this user (dell) to do

/etc/security/exec_attr

useracc:suser:cmd:::/usr/sbin/useradd:uid=0
useracc:suser:cmd:::/usr/sbin/userdel:uid=0
useracc:suser:cmd:::/usr/sbin/usermod:uid=0
useracc:suser:cmd:::/usr/sbin/groupadd:uid=0
useracc:suser:cmd:::/usr/sbin/groupdel:uid=0
useracc:suser:cmd:::/usr/sbin/groupmod:uid=0
==========================================================
when you add role it's like useradd you will found the role name at /etc/passwd


Create role:-
**************
# roleadd -c "User Administration" -g "Primary Group" -md /export/home/username -s /user/bin/pfksh -P "useracc" username

-c if you want to add comment
-g if you want to add this role to primary group
-md to create the home directory for the role (it's like useradd home directory for the user)
-s to assign shell for user (this is like ksh we use but it is special for this command becouse it is check the rights you given to the user)
-P capital P to assign the profile


# passwd username
# usermod -R username dell
-R to assign role to existing user

i hope this explain help you

Last edited by dellroxy; 10-14-2008 at 09:45 AM. Reason: jlliagre correction my thread
 
Old 10-13-2008, 06:23 AM   #2
jlliagre
Moderator
 
Registered: Feb 2004
Location: Outside Paris
Distribution: Solaris10, Solaris 11, Mint, OL
Posts: 9,490

Rep: Reputation: 355Reputation: 355Reputation: 355Reputation: 355
Quote:
Originally Posted by dellroxy View Post
-c if you want to add command
That should be comment, not command.
Quote:
-g if you want to add this role to primary command
That should be group, not command.
Quote:
-s to assign bash for user (this is like shell we use but it is special for this command becouse it is check the rights you given to the user)
Not bash but ksh. There is no rbac aware bash available.
Quote:
if you need more than this help contact me direct with my email
Why are you asking for off line follow up instead of sharing with everyone ?
 
Old 10-14-2008, 09:47 AM   #3
dellroxy
Member
 
Registered: Jun 2008
Posts: 31

Original Poster
Rep: Reputation: 15
thanks jlliagre for your effort helping my to correct my thread written mistake

and for off line follow up i didn't this meaning totally

i hope that my articl be good

Last edited by dellroxy; 10-14-2008 at 09:48 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How can I assign a webcam to a specific /dev/video#? windisch Linux - Hardware 5 09-25-2008 07:37 PM
DHCP Assign ip to specific MAC address gfem Linux - Networking 2 08-02-2007 02:58 PM
assign new data partition to specific users wycolorado Linux - Newbie 2 01-01-2005 09:53 PM
How do you assign a process to a specific processor? ter_roshak Linux - General 1 12-19-2003 12:38 AM
Assign Privs to specific user sikandar Linux - Software 13 08-31-2003 02:12 AM


All times are GMT -5. The time now is 01:03 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration