1. Create a user "user1" and assign a password
# useradd -d /export/home/user1 -m -s /bin/bash user1
# passwd user1
-> here the password "user1234" is used.
2. Create a role
# roleadd -d /export/home/role1 -m role1
# passwd role1
-> here the password "role1234" is used.
# tail -1 /etc/passwd
# tail -1 /etc/user_attr
3. Create a profile
# vi /etc/security/prof_attr.d/core-os
shut:::profile to shutdown the system:
4. Assign commands to the profile "shut"
# vi /etc/security/exec_attr.d/core-os
shut:suser:cmd:::/usr/sbin/shutdown:uid=0
5. Assign the profile "shut" to role "role1"
# rolemod -P shut,All role1
-> check the effect:
# tail -2 /etc/user_attr
6. Assign the role "role1" to the user
# usermod -R role1 user1
Check:
# tail -1 /etc/user_attr
user1::::type=normal;roles=role1
7. Test
Log in -> telnet to localhost as "user1"
$ roles
role1
$ su - role1
$ profiles -l
Now run a shutdown by typing: /usr/sbin/shutdown
WORKS!
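
To review what the steps above actually granted, the following added example (not part of the original procedure) reads user_attr and exec_attr and prints every command a user can run with uid=0 or euid=0 through an assigned role. The function name root_cmds_for_user and the sample files are constructed for illustration; on a live system pass /etc/user_attr and the files under /etc/security/exec_attr.d/ instead.

```shell
#!/bin/sh
# Added example (not from the original page): print role:profile:command:attrs
# for every command USER can reach with uid=0/euid=0 through an assigned role.
# usage: root_cmds_for_user USER USER_ATTR_FILE EXEC_ATTR_FILE...
root_cmds_for_user() {
    user=$1; user_attr=$2; shift 2
    awk -F: -v user="$user" '
        # return the value of key= inside a ;-separated attribute field
        function attr(field, key,    n, kv, i) {
            n = split(field, kv, ";")
            for (i = 1; i <= n; i++)
                if (index(kv[i], key "=") == 1)
                    return substr(kv[i], length(key) + 2)
            return ""
        }
        /^#/ || NF == 0 { next }
        pass == 1 {                    # user_attr: name:qualifier:res1:res2:attr
            if ($1 == user) roles = attr($5, "roles")
            profs[$1] = attr($5, "profiles")
            next
        }
        pass == 2 && !built {          # map each profile to the role granting it
            built = 1
            nr = split(roles, r, ",")
            for (i = 1; i <= nr; i++) {
                np = split(profs[r[i]], p, ",")
                for (j = 1; j <= np; j++) via[p[j]] = r[i]
            }
        }
        # exec_attr: name:policy:type:res1:res2:id:attr
        pass == 2 && ($1 in via) && $3 == "cmd" && $7 ~ /(^|;)e?uid=0(;|$)/ {
            print via[$1] ":" $1 ":" $6 ":" $7
        }
    ' pass=1 "$user_attr" pass=2 "$@"
}

# Constructed sample data modelled on the entries created in steps 1-6.
demo_dir=$(mktemp -d)
cat > "$demo_dir/user_attr" <<'EOF'
role1::::type=role;profiles=shut,All
user1::::type=normal;roles=role1
user2::::type=normal
EOF
cat > "$demo_dir/exec_attr" <<'EOF'
shut:suser:cmd:::/usr/sbin/shutdown:uid=0
other:suser:cmd:::/usr/sbin/reboot:uid=0
All:suser:cmd:::*:
EOF
root_cmds_for_user user1 "$demo_dir/user_attr" "$demo_dir/exec_attr"
```

The check only follows roles; profiles assigned directly to a user entry are not reported.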