How To Create Custom Roles Using RBAC
Last updated on MARCH 06, 2018
Applies to:Solaris Operating System - Version 8.0 and later
This article details how to customize RBAC.
Role Based Access Control (RBAC) allows root to delegate specific superuser privileges without sharing all root's powers. By default, RBAC is ready-to-go in Solaris 8 (and greater) Operating System. Using it is simply a matter of creating a special user account and mapping commands (or command sets) to it. root authorizes trusted users to assume the role's identity (via /usr/bin/su) and execute any/all superuser commands mapped to it.
For instance, arbitrary role account "test" could be mapped to pre-defined profiles in /etc/security/exec_attr, such as the command /usr/sbin/ifconfig. To allow trusted non-root user John Doe (jdoe) to run ifconfig, root would grant jdoe 'su' (/usr/bin/su) rights to role "test".
Once done, user jdoe could 'su' into role "test" and execute the profile /usr/sbin/ifconfig, which is normally restricted to 'root'. Since "test" maps only to 'ifconfig', attempts execute other privileged commands, such as a /usr/sbin/shutdown, will fail.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms