Wednesday, 24 September 2014

RBAC Implementation in Solaris for a user

Create a role using the command line
---------------------------------------------------------

# roleadd -m -d /export/home/sdown sdown
# passwd sdown

# grep sdown /etc/passwd
sdown:x:100:1::/export/home/sdown:/bin/pfsh
# grep sdown /etc/shadow
sdown:nVpVp8UAgLl8Q:15913::::::

# more /etc/user_attr
adm::::profiles=Log Management
lp::::profiles=Printer Management
postgres::::type=role;profiles=Postgres Administration,All
root::::auths=solaris.*,solaris.grant;profiles=Web Console Management,All;lock_after_retries=no;min_label=admin_low;clearance=admin_high
sdown::::type=role;profiles=All


Create the profile name Shut by adding a line to the /etc/security/prof_attr file
------------------------------------------------------------------------------------------------------------------

# vi /etc/security/prof_attr
Shut:::Able to shutdown the system:


Add the profile to the Role
-------------------------------------

# rolemod -P Shut sdown
# grep sdown /etc/user_attr
sdown::::type=role;profiles=Shut


Create a user and assign it access to sdown role
-----------------------------------------------------------------

# useradd -m -d /export/home/suresh -s /bin/ksh -R sdown suresh
# passwd suresh
# grep suresh /etc/user_attr
suresh::::type=normal;roles=sdown

# more /etc/user_attr
sdown::::type=role;profiles=Shut
suresh::::type=normal;roles=sdown


Assign the shutdown command to the profile
---------------------------------------------------------------

# vi /etc/security/exec_attr
Shut:suser:cmd:::/usr/sbin/shutdown:uid=0


Now Test the Configuration
-------------------------------------------

# su - suresh
bash-3.2$ profiles
Basic Solaris User
All

bash-3.2$ roles
sdown

bash-3.2$ su sdown                    
Password:
      {After assuming the role, stay in the role's profile shell (/bin/pfsh); do not switch to bash}
$ profiles -l

      Shut:
          /usr/sbin/shutdown    uid=0
      All:
          *

$ /usr/sbin/shutdown
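
An added example (not part of the original post): a POSIX shell function that audits the configuration built above by resolving each account in user_attr, directly and through the roles it may assume, to the exec_attr commands that run with uid or euid 0. The function names and the sample files are constructed for illustration; on a real host the inputs would be /etc/user_attr and /etc/security/exec_attr.

```shell
# Added example: list every account that can reach a uid=0/euid=0 command,
# either through its own profiles or through a role it may assume.
# Usage:  audit_root_cmds USER_ATTR EXEC_ATTR
# Output: account, via, profile, command, attributes (tab-separated)
audit_root_cmds() {
    awk -F: '
    # Value of key k in a ";"-separated attribute string (field 5 of user_attr).
    function attr(s, k,   n, i, kv, p) {
        n = split(s, kv, ";")
        for (i = 1; i <= n; i++) {
            p = index(kv[i], "=")
            if (substr(kv[i], 1, p - 1) == k) return substr(kv[i], p + 1)
        }
        return ""
    }
    # Print one row per privileged command in each profile of a comma list.
    function emit(acct, via, plist,   n, i, m, j, ln, p) {
        n = split(plist, p, ",")
        for (i = 1; i <= n; i++) {
            m = split(cmds[p[i]], ln, "\n")
            for (j = 1; j < m; j++)
                printf "%s\t%s\t%s\t%s\n", acct, via, p[i], ln[j]
        }
    }
    /^#/ || NF == 0 { next }
    FNR == NR {                       # first file: user_attr
        profs[$1] = attr($5, "profiles"); roles[$1] = attr($5, "roles")
        order[++cnt] = $1
        next
    }
    # second file: exec_attr, keep commands that run as uid/euid 0 (or root)
    $3 == "cmd" && $7 ~ /(^|;)e?uid=(0|root)(;|$)/ { cmds[$1] = cmds[$1] $6 "\t" $7 "\n" }
    END {
        for (u = 1; u <= cnt; u++) {
            a = order[u]
            emit(a, "direct", profs[a])
            n = split(roles[a], r, ",")
            for (i = 1; i <= n; i++) emit(a, "role:" r[i], profs[r[i]])
        }
    }' "$1" "$2"
}

# Constructed sample files modelled on the entries shown in this post.
write_sample() {
    printf '%s\n' 'root::::auths=solaris.*,solaris.grant;profiles=Web Console Management,All' \
        'sdown::::type=role;profiles=Shut' 'suresh::::type=normal;roles=sdown' > "$1/user_attr"
    printf '%s\n' 'All:suser:cmd:::*:' 'Shut:suser:cmd:::/usr/sbin/shutdown:uid=0' > "$1/exec_attr"
}
tmp=$(mktemp -d) && write_sample "$tmp" && audit_root_cmds "$tmp/user_attr" "$tmp/exec_attr"
```

With the sample files, the output shows that sdown holds the Shut profile directly and that suresh reaches the same uid=0 command only by assuming the sdown role.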
