Create a User and Role using command line
---------------------------------------------------------
# roleadd -m -d /export/home/sdown sdown
# passwd sdown
# grep sdown /etc/passwd
sdown:x:100:1::/export/home/sdown:/bin/pfsh
# grep sdown /etc/shadow
sdown:nVpVp8UAgLl8Q:15913::::::
# more /etc/user_attr
adm::::profiles=Log Management
lp::::profiles=Printer Management
postgres::::type=role;profiles=Postgres Administration,All
root::::auths=solaris.*,solaris.grant;profiles=Web Console Management,All;lock_after_retries=no;min_label=admin_low;clearance=admin_high
sdown::::type=role;profiles=All
Create a profile named Shut by adding a line to the /etc/security/prof_attr file
------------------------------------------------------------------------------------------------------------------
# vi /etc/security/prof_attr
Shut:::Able to shutdown the system:
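Add the profile to the Role (rolemod -P sets the role's profile list, so the earlier profiles=All entry is replaced by profiles=Shut)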
# rolemod -P Shut sdown
# grep sdown /etc/user_attr
sdown::::type=role;profiles=Shut
Create a user and assign it access to sdown role
-----------------------------------------------------------------
# useradd -m -d /export/home/suresh -s /bin/ksh -R sdown suresh
# passwd suresh
# grep suresh /etc/user_attr
suresh::::type=normal;roles=sdown
# more /etc/user_attr
sdown::::type=role;profiles=Shut
suresh::::type=normal;roles=sdown
Assign the shutdown command to the profile (the uid=0 attribute makes only /usr/sbin/shutdown run as root for holders of the Shut profile)
---------------------------------------------------------------
# vi /etc/security/exec_attr
Shut:suser:cmd:::/usr/sbin/shutdown:uid=0
Now Test the Configuration
-------------------------------------------
# su - suresh
bash-3.2$ profiles
Basic Solaris User
All
bash-3.2$ roles
sdown
bash-3.2$ su sdown
Password:
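{After assuming the role, stay in the role's profile shell (/bin/pfsh, as listed in /etc/passwd); commands started from a non-profile shell such as bash are not run with the profile's uid=0 attribute}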
$ profiles -l
Shut:
/usr/sbin/shutdown uid=0
All:
*
$ /usr/sbin/shutdown
---------------------------------------------------------
# roleadd -m -d /export/home/sdown sdown
# passwd sdown
# grep sdown /etc/passwd
sdown:x:100:1::/export/home/sdown:/bin/pfsh
# grep sdown /etc/shadow
sdown:nVpVp8UAgLl8Q:15913::::::
# more /etc/user_attr
adm::::profiles=Log Management
lp::::profiles=Printer Management
postgres::::type=role;profiles=Postgres Administration,All
root::::auths=solaris.*,solaris.grant;profiles=Web Console Management,All;lock_after_retries=no;min_label=admin_low;clearance=admin_high
sdown::::type=role;profiles=All
Create a profile named Shut by adding a line to the /etc/security/prof_attr file
------------------------------------------------------------------------------------------------------------------
# vi /etc/security/prof_attr
Shut:::Able to shutdown the system:
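Add the profile to the Role (rolemod -P sets the role's profile list, so the earlier profiles=All entry is replaced by profiles=Shut)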
# rolemod -P Shut sdown
# grep sdown /etc/user_attr
sdown::::type=role;profiles=Shut
Create a user and assign it access to sdown role
-----------------------------------------------------------------
# useradd -m -d /export/home/suresh -s /bin/ksh -R sdown suresh
# passwd suresh
# grep suresh /etc/user_attr
suresh::::type=normal;roles=sdown
# more /etc/user_attr
sdown::::type=role;profiles=Shut
suresh::::type=normal;roles=sdown
Assign the shutdown command to the profile (the uid=0 attribute makes only /usr/sbin/shutdown run as root for holders of the Shut profile)
---------------------------------------------------------------
# vi /etc/security/exec_attr
Shut:suser:cmd:::/usr/sbin/shutdown:uid=0
Now Test the Configuration
-------------------------------------------
# su - suresh
bash-3.2$ profiles
Basic Solaris User
All
bash-3.2$ roles
sdown
bash-3.2$ su sdown
Password:
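{After assuming the role, stay in the role's profile shell (/bin/pfsh, as listed in /etc/passwd); commands started from a non-profile shell such as bash are not run with the profile's uid=0 attribute}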
$ profiles -l
Shut:
/usr/sbin/shutdown uid=0
All:
*
$ /usr/sbin/shutdown