RBAC related question..
I am referring Bill Calkins(SCSA exam prep) for RBAC..actually i wanted to make a normal user to get the privilege to run a command through authorization, not through profile files...
This is the exact steps given by Bill calkins.. 1.roleadd -m -d /export/home/adminusr -c "Admin Assistant" \ -A solaris.admin.usermgr.pswd,solaris.system.shutdown,\ solaris.admin.fsmgr.write adminusr 2. passwd adminusr 3. usermod -R adminusr neil 4.su - neil 5.$roles adminusr 6.su adminusr Now, neil can change passwords, shutdown system, share filesystems... This is what Bill Calkins says... but when i do this as neil..for eg. $/usr/sbin/shutdown -h now Only root can run /usr/sbin/shutdown... Please let me know where I am going wrong... |
According to Solaris source code ( http://cvs.opensolaris.org/source/xr...ad/auth_list.h ), the solaris.system.shutdown authorization is only used with the Trusted Solaris extensions, not regular stock Solaris.
You'd rather go the profile way and grant the right to run init or shutdown as root. |
RBAC
|
All times are GMT -5. The time now is 11:37 PM. |