[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

RBAC and ACL

Posted on 2006-07-06
5
Medium Priority
?
913 Views
Last Modified: 2013-12-27
Hi Experts,

We are having some undesirable people carrying around root password; this is a concern for the security of the organization.

What is the best way that I could give these users access to only the files they need to access. These users need to have root access to some files and they should be able to reboot the system. I know that there is a way to give users a root access with RBAC. I would appreciate it if any of you could provide me with the steps of using RBAC. ACL could also be a solution that I am looking for; and if anybody has steps for ACL that would be great.

Thank you for your valuable time and suggestions.

......
0
Comment
Question by:z670193
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 38

Accepted Solution

by:
yuzh earned 672 total points
ID: 17056304
Why not simply download sudo and install it on your system, you can get it from:
http://sunfreeware.com/

please have a look at:
http://www.sudo.ws/sudo/

for more details.

with sudo, you can defined what commands the user can run as root, and it is very easy to use, a lot of tutorail on the Web (also do a search at EE, you can find a lot of answers).

For ACL, please have a look at :
http:Q_21292724.html

For Solaris BSM (Basic Security Module):
http:Q_20676513.html

For RBAC:
http://www.samag.com/documents/s=7667/sam0213c/0213c.htm
http://docs.sun.com/app/docs/doc/817-0365/6mg5vpmdo?a=view
0
 
LVL 14

Assisted Solution

by:arthurjb
arthurjb earned 664 total points
ID: 17061684
>We are having some undesirable people carrying around root password; this is a concern for the security of the organization.

Obviously not a huge concern or they would not have the root password.


>What is the best way that I could give these users access to only the files they need to access

Make sure that the stuff they need to access is owned by the people who need to own it.  Giving out the root password is the lazy way to handle access issues.  Sudo is the professional way.

BUT, in most cases there is no justification for anyone other than the system administrator to have the root password.  In fact in most places, the root password is locked away, and even the system administrators use sudo to do their job.

Find out why they think they need root, and you will normally find that it is because they are lazy and don't care about the security of the system.

It is much safer to setup the proper access rights and keep the root password private, but it takes a little more work.  (In the fight between programmers and sysadmins, the programers insist they need root access, yet they normally don't...)
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 664 total points
ID: 17069672
General rule of thumb is RBAC is used to assigned privileged roles to standard users whereas ACL's are generally used to control access rights to a file.

Sun's RBAC is similar in concept to sudo (as has been improved in Solaris 10), but you still find a lot of people prefer to install sudo as it is more universal and more people are familar with it.

One big downfall with RBAC compared to sudo, is RBAC doesn't provide very good logging, so you can't find out specific commands users have typed without having auditing turned on.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's say you need to move the data of a file system from one partition to another. This generally involves dismounting the file system, backing it up to tapes, and restoring it to a new partition. You may also copy the file system from one place to…
Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question