Solved

RBAC and ACL

Posted on 2006-07-06
Last Modified: 2013-12-27
Hi Experts,

We are having some undesirable people carrying around root password; this is a concern for the security of the organization.

What is the best way that I could give these users access to only the files they need to access? These users need to have root access to some files and they should be able to reboot the system. I know that there is a way to give users root access with RBAC. I would appreciate it if any of you could provide me with the steps of using RBAC. ACL could also be a solution that I am looking for; and if anybody has steps for ACL that would be great.

Thank you for your valuable time and suggestions.

Question by:z670193
5 Comments
 
LVL 38

Accepted Solution

by:
yuzh earned 672 total points
ID: 17056304
Why not simply download sudo and install it on your system? You can get it from:
http://sunfreeware.com/

Please have a look at:
http://www.sudo.ws/sudo/

for more details.

With sudo, you can define what commands the user can run as root, and it is very easy to use; there are a lot of tutorials on the Web (also do a search at EE, you can find a lot of answers).

For ACL, please have a look at:
http:Q_21292724.html

For Solaris BSM (Basic Security Module):
http:Q_20676513.html

For RBAC:
http://www.samag.com/documents/s=7667/sam0213c/0213c.htm
http://docs.sun.com/app/docs/doc/817-0365/6mg5vpmdo?a=view
0
 
LVL 14

Assisted Solution

by:arthurjb
arthurjb earned 664 total points
ID: 17061684
>We are having some undesirable people carrying around root password; this is a concern for the security of the organization.

Obviously not a huge concern or they would not have the root password.


>What is the best way that I could give these users access to only the files they need to access

Make sure that the stuff they need to access is owned by the people who need to own it.  Giving out the root password is the lazy way to handle access issues.  Sudo is the professional way.

BUT, in most cases there is no justification for anyone other than the system administrator to have the root password.  In fact in most places, the root password is locked away, and even the system administrators use sudo to do their job.

Find out why they think they need root, and you will normally find that it is because they are lazy and don't care about the security of the system.

It is much safer to set up the proper access rights and keep the root password private, but it takes a little more work.  (In the fight between programmers and sysadmins, the programmers insist they need root access, yet they normally don't...)
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 664 total points
ID: 17069672
General rule of thumb is RBAC is used to assign privileged roles to standard users whereas ACLs are generally used to control access rights to a file.

Sun's RBAC is similar in concept to sudo (as has been improved in Solaris 10), but you still find a lot of people prefer to install sudo as it is more universal and more people are familiar with it.

One big downfall with RBAC compared to sudo, is RBAC doesn't provide very good logging, so you can't find out specific commands users have typed without having auditing turned on.
0
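
As an added example (not part of any post above, and not taken from the sudo project), here is a sudoers fragment for the case the question describes: the over-broad grant that amounts to sharing root is shown commented out beside a command-limited one, with the sudo logging mentioned in the last answer switched on. The user names, the `/etc/myapp/myapp.conf` path and the log file location are assumptions.

```sudoers
# /etc/sudoers fragment (constructed example; names and paths are assumptions)

# Hypothetical accounts that currently share the root password.
User_Alias  OPERATORS = alice, bob

# Only what the question asks for: rebooting the system.
# Full paths are required; these are the usual Solaris locations.
Cmnd_Alias  REBOOT = /usr/sbin/reboot, /usr/sbin/shutdown

# Root-owned file they must edit (hypothetical path). sudoedit runs the
# editor as the invoking user on a temporary copy, so the editor itself
# never runs with root privileges.
Cmnd_Alias  APPCONF = sudoedit /etc/myapp/myapp.conf

# Record each command run through sudo in a dedicated file.
Defaults    logfile=/var/log/sudo.log

# Too broad: equivalent to handing out the root password.
# OPERATORS ALL = (ALL) ALL

# Limited: only the listed commands, as root, after entering their own password.
OPERATORS   ALL = (root) REBOOT, APPCONF
```

Edit the file with `visudo` and check the syntax with `visudo -c`; each user can list what they are allowed to run with `sudo -l`.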
