Role-Based Access Control

First appearing in the Solaris 8 OE release, role-based access control (RBAC) is an alternative to the all-or-nothing superuser privilege model. In the superuser (root) model, the power to do anything to the system, whether deleting files, adding users, or starting and stopping daemons, is granted once the superuser privilege level is obtained. RBAC instead provides a least privilege model.

The least privilege model breaks the capabilities of the superuser up into roles. A role is a special type of user account from which privileged applications can be run. A user assumes a role with the su(1M) command. For example, operators might be assigned a backup role that allows them to run ufsdump(1M) with privilege. A user might be assigned one or more roles. Even root can be made into a role to prevent anonymous root logins.

In the Solaris 8 and 9 OE releases, RBAC is optional. It is not on by default because no default roles are created. For sites with earlier Solaris OE releases, an alternative to RBAC is sudo, maintained by Todd Miller. sudo provides the capabilities of su(1M) on a per-command, per-user assignment basis.

TABLE 0-2 Pros and Cons of Using RBAC, sudo, and root Shell

| Name       | Pro                                                                                                                         | Con                                                                                                                                |
|------------|-----------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------|
| RBAC       | Limits privilege by either granting limited root-level privileges or restricting what a user account can do. It is an integral feature of the Solaris OE. | Requires a change in the mindset away from the superuser model. Is not available in the Solaris 2.6 or 7 OE.                        |
| sudo       | Works on non-RBAC-capable Solaris OE releases.                                                                              | Must be downloaded, built, and tested. Is not Sun supported software. Grants only limited access to root-level privilege.           |
| root Shell | Most power in using a system.                                                                                               | Any direct root login can do anything to the system. Console logins defeat auditing.                                               |


To Use RBAC to Restrict a User to Only Copying Files

  1. Become the superuser.

  2. Add the execution attributes of the role.

     # cat <<_EOM_ >> /etc/security/exec_attr
     > Restricted Secure Shell:suser:cmd:::/usr/bin/scp:
     > _EOM_

  3. Add the name of the role.

     # cat <<_EOM_ >> /etc/security/prof_attr
     > Restricted Secure Shell:::scp access only:
     > _EOM_

  4. Comment out PROFS_GRANTED=Basic Solaris User in the /etc/security/policy.conf file.

  5. Assign the user the role.

     # cat <<_EOM_ >> /etc/user_attr
     > user::::profiles=Restricted Secure Shell
     > _EOM_

  6. Change the user's shell to a profile shell.

     # usermod -s /usr/bin/pfksh user

  7. Restart the nscd daemon.

     # /etc/init.d/nscd stop
     # /etc/init.d/nscd start

     The user will only be able to execute built-in shell commands and scp(1), as in the following example.

     localhost$ ssh remotehost -l user
     user@remotehost's password: password
     Last Login: Thu Dec 12 21:51:44 2002 from someplace
     remotehost$ pwd
     /home/user
     remotehost$ cd /
     remotehost$ ls
     pfksh: ls: not found
     remotehost$ pwd
     /
     remotehost$ cat /etc/passwd
     pfksh: cat: not found
     remotehost$ exit
     localhost$ ssh remotehost -l user cat /etc/passwd
     Last Login: Thu Dec 12 21:51:44 2002 from someplace
     pfksh: cat: not found
     localhost$ scp index.html user@remotehost:index.html
     user@remotehost's password: password
     index.html    100% |*****************************| 526 00:00
     localhost$
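The procedure above only works as intended if the user's effective set of profiles contains nothing beyond "Restricted Secure Shell"; in particular, leaving PROFS_GRANTED=Basic Solaris User in policy.conf would pull in the "All" profile, whose exec_attr entry matches every command. The following POSIX shell script is an added example, not code from the article or from Sun: it audits that condition by resolving a user's profiles through user_attr, policy.conf and prof_attr (including nested profiles= entries) and listing the commands exec_attr grants. It runs against constructed copies of the databases in a temporary directory rather than the live /etc/security files; the sample entries for "Basic Solaris User" and "All" are simplified stand-ins for the real ones.

```shell
#!/bin/sh
# Added example: audit the commands a user's RBAC profiles grant.
# Works on constructed copies of the RBAC databases, not the real files.
set -eu

RBAC_DB=$(mktemp -d)   # stand-in for /etc/security and /etc

# Constructed sample databases. "user" is set up as in the article;
# "oper" is a second account that still carries the Basic Solaris User profile.
cat > "$RBAC_DB/user_attr" <<'_EOM_'
user::::profiles=Restricted Secure Shell
oper::::profiles=Restricted Secure Shell,Basic Solaris User
_EOM_
cat > "$RBAC_DB/prof_attr" <<'_EOM_'
Restricted Secure Shell:::scp access only:
Basic Solaris User:::Automatically assigned rights:auths=solaris.profmgr.read;profiles=All
All:::Execute any command as the user or role:help=RtAll.html
_EOM_
cat > "$RBAC_DB/exec_attr" <<'_EOM_'
Restricted Secure Shell:suser:cmd:::/usr/bin/scp:
All:suser:cmd:::*:
_EOM_
cat > "$RBAC_DB/policy.conf" <<'_EOM_'
#PROFS_GRANTED=Basic Solaris User
AUTHS_GRANTED=solaris.device.cdrw
_EOM_

# Print the profiles assigned directly to a user, one per line: the
# profiles= key in user_attr plus any uncommented PROFS_GRANTED in policy.conf.
direct_profiles() {
    awk -F: -v u="$1" '$1 == u {
        n = split($5, kv, ";")
        for (i = 1; i <= n; i++)
            if (kv[i] ~ /^profiles=/) {
                sub(/^profiles=/, "", kv[i])
                m = split(kv[i], p, ",")
                for (j = 1; j <= m; j++) print p[j]
            }
    }' "$RBAC_DB/user_attr"
    sed -n 's/^PROFS_GRANTED=//p' "$RBAC_DB/policy.conf" | tr ',' '\n' | sed '/^$/d'
}

# Recursively expand a profile through prof_attr's profiles= attribute.
# $1 = profile name, $2 = comma-separated list of names already visited
# (guards against cycles in the database).
expand_profile() {
    case ",$2," in *",$1,"*) return ;; esac
    printf '%s\n' "$1"
    awk -F: -v p="$1" '$1 == p {
        n = split($5, kv, ";")
        for (i = 1; i <= n; i++)
            if (kv[i] ~ /^profiles=/) {
                sub(/^profiles=/, "", kv[i])
                m = split(kv[i], child, ",")
                for (j = 1; j <= m; j++) print child[j]
            }
    }' "$RBAC_DB/prof_attr" | while IFS= read -r c; do
        expand_profile "$c" "$2,$1"
    done
}

# All exec_attr command entries reachable from a user's profiles, as
# profile:command:attributes, one per line, ordered by profile name.
user_commands() {
    direct_profiles "$1" | while IFS= read -r p; do expand_profile "$p" ""; done |
    sort -u | while IFS= read -r p; do
        awk -F: -v p="$p" '$1 == p && $3 == "cmd" { print $1 ":" $6 ":" $7 }' \
            "$RBAC_DB/exec_attr"
    done
}

# Succeeds when policy.conf still grants Basic Solaris User to everyone,
# which would hand the restricted user the "All" profile.
basic_user_granted() {
    grep -q '^PROFS_GRANTED=.*Basic Solaris User' "$RBAC_DB/policy.conf"
}

# Stand-alone run: show both users and flag the policy.conf setting.
for u in user oper; do
    echo "== $u"; user_commands "$u"
done
if basic_user_granted; then echo "WARNING: Basic Solaris User is granted globally"; fi
```

For "user" the only entry reported is Restricted Secure Shell:/usr/bin/scp:, while "oper" additionally gets All:*: through the nested Basic Solaris User profile, which is exactly the exposure that step 4 of the procedure removes. Pointing RBAC_DB at a copy of the real databases turns this into a quick check that no profile other than the intended one reaches the restricted account.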

For more information on RBAC, refer to the following documents:

  • Solaris 9 OE System Administration Guide, specifically the Security Services chapter

  • "Solaris Operating Environment Security: Updated for the Solaris 9 Operating Environment," December 2002, by Alex Noordergraaf and Keith Watson

  • su(1M)

  • roles(1)

  • policy.conf(4)

  • exec_attr(4)

  • prof_attr(4)

  • usermod(1M)

  • roledel(1M)

  • rolemod(1M)

  • roleadd(1M)

For information on sudo, refer to: http://www.courtesan.com/sudo/
