RBAC and ACL

Hi Experts,

We are having some undesirable people carrying around root password; this is a concern for the security of the organization.

What is the best way that I could give these users access to only the files they need to access. These users need to have root access to some files and they should be able to reboot the system. I know that there is a way to give users a root access with RBAC. I would appreciate it if any of you could provide me with the steps of using RBAC. ACL could also be a solution that I am looking for; and if anybody has steps for ACL that would be great.

Thank you for your valuable time and suggestions.

......
z670193Asked:
Who is Participating?
 
yuzhCommented:
Why not simply download sudo and install it on your system, you can get it from:
http://sunfreeware.com/

please have a look at:
http://www.sudo.ws/sudo/

for more details.

with sudo, you can defined what commands the user can run as root, and it is very easy to use, a lot of tutorail on the Web (also do a search at EE, you can find a lot of answers).

For ACL, please have a look at :
http:Q_21292724.html

For Solaris BSM (Basic Security Module):
http:Q_20676513.html

For RBAC:
http://www.samag.com/documents/s=7667/sam0213c/0213c.htm
http://docs.sun.com/app/docs/doc/817-0365/6mg5vpmdo?a=view
0
 
arthurjbCommented:
>We are having some undesirable people carrying around root password; this is a concern for the security of the organization.

Obviously not a huge concern or they would not have the root password.


>What is the best way that I could give these users access to only the files they need to access

Make sure that the stuff they need to access is owned by the people who need to own it.  Giving out the root password is the lazy way to handle access issues.  Sudo is the professional way.

BUT, in most cases there is no justification for anyone other than the system administrator to have the root password.  In fact in most places, the root password is locked away, and even the system administrators use sudo to do their job.

Find out why they think they need root, and you will normally find that it is because they are lazy and don't care about the security of the system.

It is much safer to setup the proper access rights and keep the root password private, but it takes a little more work.  (In the fight between programmers and sysadmins, the programers insist they need root access, yet they normally don't...)
0
 
TintinCommented:
General rule of thumb is RBAC is used to assigned privileged roles to standard users whereas ACL's are generally used to control access rights to a file.

Sun's RBAC is similar in concept to sudo (as has been improved in Solaris 10), but you still find a lot of people prefer to install sudo as it is more universal and more people are familar with it.

One big downfall with RBAC compared to sudo, is RBAC doesn't provide very good logging, so you can't find out specific commands users have typed without having auditing turned on.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.