Solved

RBAC and ACL

Posted on 2006-07-06
5
885 Views
Last Modified: 2013-12-27
Hi Experts,

We are having some undesirable people carrying around root password; this is a concern for the security of the organization.

What is the best way that I could give these users access to only the files they need to access. These users need to have root access to some files and they should be able to reboot the system. I know that there is a way to give users a root access with RBAC. I would appreciate it if any of you could provide me with the steps of using RBAC. ACL could also be a solution that I am looking for; and if anybody has steps for ACL that would be great.

Thank you for your valuable time and suggestions.

......
0
Comment
Question by:z670193
5 Comments
 
LVL 38

Accepted Solution

by:
yuzh earned 168 total points
ID: 17056304
Why not simply download sudo and install it on your system, you can get it from:
http://sunfreeware.com/

please have a look at:
http://www.sudo.ws/sudo/

for more details.

with sudo, you can defined what commands the user can run as root, and it is very easy to use, a lot of tutorail on the Web (also do a search at EE, you can find a lot of answers).

For ACL, please have a look at :
http:Q_21292724.html

For Solaris BSM (Basic Security Module):
http:Q_20676513.html

For RBAC:
http://www.samag.com/documents/s=7667/sam0213c/0213c.htm
http://docs.sun.com/app/docs/doc/817-0365/6mg5vpmdo?a=view
0
 
LVL 14

Assisted Solution

by:arthurjb
arthurjb earned 166 total points
ID: 17061684
>We are having some undesirable people carrying around root password; this is a concern for the security of the organization.

Obviously not a huge concern or they would not have the root password.


>What is the best way that I could give these users access to only the files they need to access

Make sure that the stuff they need to access is owned by the people who need to own it.  Giving out the root password is the lazy way to handle access issues.  Sudo is the professional way.

BUT, in most cases there is no justification for anyone other than the system administrator to have the root password.  In fact in most places, the root password is locked away, and even the system administrators use sudo to do their job.

Find out why they think they need root, and you will normally find that it is because they are lazy and don't care about the security of the system.

It is much safer to setup the proper access rights and keep the root password private, but it takes a little more work.  (In the fight between programmers and sysadmins, the programers insist they need root access, yet they normally don't...)
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 166 total points
ID: 17069672
General rule of thumb is RBAC is used to assigned privileged roles to standard users whereas ACL's are generally used to control access rights to a file.

Sun's RBAC is similar in concept to sudo (as has been improved in Solaris 10), but you still find a lot of people prefer to install sudo as it is more universal and more people are familar with it.

One big downfall with RBAC compared to sudo, is RBAC doesn't provide very good logging, so you can't find out specific commands users have typed without having auditing turned on.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
linux  centos   virtualization network quetion 6 81
UNIX SCP 5 82
Need a version of telnet and/or ssh that supports tcp wrappers on AIX 5.1 16 98
centos commands 6 68
Installing FreeBSD… FreeBSD is a darling of an operating system. The stability and usability make it a clear choice for servers and desktops (for the cunning). Savvy?  The Ports collection makes available every popular FOSS application and packag…
I promised to write further about my project, and here I am.  First, I needed to setup the Primary Server.  You can read how in this article: Setup FreeBSD Server with full HDD encryption (http://www.experts-exchange.com/OS/Unix/BSD/FreeBSD/A_3660-S…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question