I'm trying to use RBAC on an AIX 6.1 system to authorize a subset of users to perform user administration. In particular, I'd like for this group to be able to administer passwords. I created a role named "testrole" with the following definition:
testrole authorizations=aix.security.passwd,aix.security.user rolelist= groups=rsam visibility=1 screens=* dfltmsg= msgcat= auth_mod
I've created a test account named "dopey" to which I've added this role. What I can't figure out is why I'm getting the following error when, as dopey, I try changing the password of another account.
ksh: passwd: 0403-006 Execute permission denied.