A Simple Role-Based Access Control (RBAC) example on Solaris 11

1. Create a user "user1" and assign a password
# useradd -d /export/home/user1 -m -s /bin/bash user1
# passwd user1

-> here password "user1234" is used.

2. Create a role
# roleadd -d /export/home/role1 -m role1
# passwd role1

-> here password "role1234" is used.

# tail -1 /etc/passwd
# tail -1 /etc/user_attr

3. Create a profile
# vi /etc/security/prof_attr.d/core-os
shut:::profile to shutdown the system:

4. Assign commands to the profile "shut"
# vi /etc/security/exec_attr.d/core-os
shut:suser:cmd:::/usr/sbin/shutdown:uid=0

5. Assign the profile "shut" to role "role1"
# rolemod -P shut,All role1

-> check the effect:
# tail -2 /etc/user_attr

6. Assign the role "role1" to the user
# usermod -R role1 user1

Check:
# tail -1 /etc/user_attr
user1::::type=normal;roles=role1

7. Test
Login -> telnet to localhost as "user1"

$ roles
role1

$ su - role1
$ profiles -l

Now run a shutdown by typing: /usr/sbin/shutdown

WORKS!
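
Added example, not part of the original post: a small shell audit that follows the chain built in the steps above (user -> role -> profile -> command) and lists every command a user can reach that runs with uid=0 or euid=0. The function names are hypothetical, and the role1 line and the "All" entry in the sample files are constructed.

```shell
#!/bin/sh
# Resolve user -> roles -> profiles -> commands that run with uid=0 / euid=0.
# Field layouts follow the user_attr and exec_attr entries shown in the steps above.

# attr_value FILE NAME KEY
# Print the value of KEY from the attribute field (5th) of NAME's user_attr line.
attr_value() {
    awk -F: -v n="$2" -v k="$3" '
        $1 == n {
            c = split($5, kv, ";")
            for (i = 1; i <= c; i++)
                if (index(kv[i], k "=") == 1) print substr(kv[i], length(k) + 2)
        }' "$1"
}

# root_cmds USER_ATTR EXEC_ATTR USER
# Print "role profile command" for each root-level command USER can reach via a role.
root_cmds() {
    for role in $(attr_value "$1" "$3" roles | tr ',' ' '); do
        for prof in $(attr_value "$1" "$role" profiles | tr ',' ' '); do
            awk -F: -v p="$prof" -v r="$role" '
                /^#/ { next }
                $1 == p && $3 == "cmd" && $7 ~ /(^|;)e?uid=0(;|$)/ { print r, p, $6 }
            ' "$2"
        done
    done
}

# Constructed sample data mirroring what steps 1-6 leave behind.
demo_dir=$(mktemp -d)
cat > "$demo_dir/user_attr" <<'EOF'
role1::::type=role;profiles=shut,All
user1::::type=normal;roles=role1
EOF
cat > "$demo_dir/exec_attr" <<'EOF'
shut:suser:cmd:::/usr/sbin/shutdown:uid=0
All:suser:cmd:::*:
EOF

# Which root-level commands can user1 reach through its roles?
root_cmds "$demo_dir/user_attr" "$demo_dir/exec_attr" user1
```

To audit a real host, pass /etc/user_attr and a concatenation of the files under /etc/security/exec_attr.d/ in place of the sample files.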
