
RBAC Implementation

 
vishnu.khandare
Respected Contributor


Hi Friends,

 

I'm facing issues while implementing RBAC; please find the error below.

 

$ privrun /usr/sbin/useradd new_user
privrun: authorization check failed

 

Is there any permission issue? Do we need to provide the rbac dir?

 

Please help to resolve.

 

Regards

Vishnu

 

 

You should deserve before U desire!!!!
Doug_Lamoureux
Advisor

Re: RBAC Implementation

Does the user you are running the command as have the correct authorization?

 

First, check what roles the user has:

 

# roleadm list user=foo
foo:userAdmins

 

Then check what authorizations those roles have:

 

# authadm list role=userAdmins
userAdmins: (hpux.user.add, *)

 

To run the useradd command (via privrun), the user must have the hpux.user.add authorization AND you must uncomment the useradd entry in the /etc/rbac/cmd_priv file:

 

# grep useradd /etc/rbac/cmd_priv
#/usr/sbin/useradd :dflt :(hpux.user.add,*) :0/0// :dflt :dflt :dflt :

 

The reason this is commented out is that if you allow a user to run useradd, they can create a user with a uidnumber of 0, and they now have a root account on the system.

 

In the cmd_priv file:

 

# The following entries are known to be equivalent to granting
# unconstrained root. Specifically, the commands may be used
# to obtain an account with uid=0.
#
#/usr/sbin/useradd :dflt :(hpux.user.add,*) :0/0// :dflt :dflt :dflt :

....

 

 

vishnu.khandare
Respected Contributor
Solution

Re: RBAC Implementation

Use the correct path, that's sbin instead of bin. Problem resolved.

You should deserve before U desire!!!!
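
The two checks discussed in this thread (is the cmd_priv entry commented out, and does the path passed to privrun match the entry exactly), as an added example that is not part of the original posts or of HP-UX itself. It assumes the ':'-separated layout of the entry quoted above, with the command path in field 1 and the authorization in field 3; the function names, the sample file and the /opt/example/bin/tool entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how a command is listed in a cmd_priv-style file.
# Assumption: ':'-separated fields, field 1 = full command path,
# field 3 = (operation,object) authorization, as in the entry quoted above.

# write_sample FILE: constructed sample data, not a real system file.
write_sample() {
    cat > "$1" <<'EOF'
# The following entries are known to be equivalent to granting
# unconstrained root.
#/usr/sbin/useradd :dflt :(hpux.user.add,*) :0/0// :dflt :dflt :dflt :
/opt/example/bin/tool :dflt :(example.tool.run,*) :0/0// :dflt :dflt :dflt :
EOF
}

# cmd_priv_status FILE COMMAND prints one of:
#   active <authorization>     entry present and uncommented
#   commented <authorization>  entry present but disabled with '#'
#   missing                    no entry for that exact path
cmd_priv_status() {
    awk -F':' -v cmd="$2" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        {
            path = trim($1)
            state = "active"
            if (path ~ /^#/) {              # commented line: strip the marker
                state = "commented"
                sub(/^#+[ \t]*/, "", path)
            }
            # exact path match only; an active entry wins over a commented one
            if (path == cmd && NF >= 3 && found != "active") {
                found = state
                auth = trim($3)
            }
        }
        END {
            if (found == "") print "missing"
            else print found, auth
        }
    ' "$1"
}

# Demonstration on the constructed sample: sbin path, bin path, active entry.
f=$(mktemp) && write_sample "$f"
for c in /usr/sbin/useradd /usr/bin/useradd /opt/example/bin/tool; do
    printf '%s: %s\n' "$c" "$(cmd_priv_status "$f" "$c")"
done
rm -f "$f"
```

On a real system the first argument would be /etc/rbac/cmd_priv; a "commented" or "missing" result means the command has no active entry in that file.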