LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > Solaris / OpenSolaris
User Name
Password
Solaris / OpenSolaris This forum is for the discussion of Solaris and OpenSolaris.
General Sun, SunOS and Sparc related questions also go here.

Notices

Reply
 
Search this Thread
Old 04-05-2006, 01:40 PM   #1
AbrahamJose
Member
 
Registered: Feb 2006
Location: India
Posts: 165

Rep: Reputation: 30
Post Privileged user


Hi,

I want to give privilege to a user in solaris9, for printer management

I tried smc - users -user account
added the right
Printer Management.
It doesn't work
What I have to do
Plz help.
 
Old 04-05-2006, 07:38 PM   #2
apt-get-dude
Member
 
Registered: Mar 2006
Posts: 98

Rep: Reputation: 15
are you talking about setting up rbac?

man roleadd

check out /etc/user_attr and the /etc/security/prof_attr and exec_attr
 
Old 04-18-2006, 12:57 PM   #3
AbrahamJose
Member
 
Registered: Feb 2006
Location: India
Posts: 165

Original Poster
Rep: Reputation: 30
Thumbs down rbac

Sir,

rbac?. I'm not familiar with the terminology.

In etc/user_attr, following line is there

user1:::rofiles=Printer Management;type=normal.

In /etc/security/exec_attr
Can I modify the lines starting with "Printer Management"
 
Old 04-18-2006, 04:28 PM   #4
javier.e.menendez
Member
 
Registered: Jan 2006
Posts: 168

Rep: Reputation: 30
rbac=role base access control

2 files deal with printer management...

prof_attr specifies the name of the profile with a comment next to it

exec_attr will have lines like

printer management:suser:cmd:::/usr/sbin/enable:euid=lp

that means that if you associate the profile printer management to a user or to a role, then in this case, you can use the enable command.

Note: There are several lines in exec_attr with the individual commands that you can use with the profile "printer management".

Ex: you should be able to use enable, lprm, lpshut, accept, lpset, lpadmin and so forth.
 
Old 04-18-2006, 10:16 PM   #5
AbrahamJose
Member
 
Registered: Feb 2006
Location: India
Posts: 165

Original Poster
Rep: Reputation: 30
Question Doubts

Yes I noticed it.
printer management:suser:cmd:::/usr/sbin/enable:euid=lp

My doubt is, can I suffix the string ":euid=user1"
to each such line. Any problem?

Is there any easy way?

I tried it with smc first.
Why these entries are not coming in the concerned files, as I use smc?
Was my procedure not correct?
 
Old 04-19-2006, 07:19 AM   #6
javier.e.menendez
Member
 
Registered: Jan 2006
Posts: 168

Rep: Reputation: 30
Hi AJ:

You seem to be missing the boat here. The idea here is that the exec_attr speficies which commands can be executed by which profile. The euid=0 tells the system that you are effectively running this as user id # 0 (root). If you change it to euid=user1, then the end result will be (odds are, havent't tried it) permission denied (probably)
 
Old 04-19-2006, 07:19 AM   #7
javier.e.menendez
Member
 
Registered: Jan 2006
Posts: 168

Rep: Reputation: 30
By the way, go through the forum and you will see an example on how to set up from scratch that I posted a few days ago.
 
Old 04-21-2006, 05:34 AM   #8
AbrahamJose
Member
 
Registered: Feb 2006
Location: India
Posts: 165

Original Poster
Rep: Reputation: 30
about smc

Thanks javier,
I've seen it.
Before I try it , I have a doubt.
As mentioned earlier, How can I do the same using smc?
 
Old 04-21-2006, 06:13 PM   #9
apt-get-dude
Member
 
Registered: Mar 2006
Posts: 98

Rep: Reputation: 15
yes, you can use smc to create rbac but it is much faster to do it cli style. smc takes too long for my taste.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Privileged port AlexJ Suse/Novell 1 03-31-2006 07:40 AM
audio doesn't work for non-privileged user cheema Linux - Hardware 2 01-13-2006 03:24 AM
Failed to use X as non-privileged user on AS 3.0 EStester Linux - Enterprise 0 02-28-2005 03:57 PM
Non-privileged user account needed.... AzuuAz Linux - Security 1 11-26-2004 04:06 AM
Logging in as non-privileged user TastyWheat Linux - Security 2 09-27-2004 01:58 AM


All times are GMT -5. The time now is 03:33 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration