RBAC Implementation

Hi Friends,


I am facing issues while implementing RBAC; please find the error below.


$ privrun /usr/sbin/useradd new_user
privrun: authorization check failed


Is there any permission issue? Do we need to provide the RBAC dir?


Please help to resolve.






You should deserve before U desire!!!!

Re: RBAC Implementation

Does the user you are running the command as have the correct authorization?


1st check what roles the user has:


# roleadm list user=foo


Then check what authorizations those roles have:


# authadm list role=userAdmins
userAdmins: (hpux.user.add, *)


To run the useradd command (via privrun) the user must have the hpux.user.add authorization AND you must uncomment the useradd entry in the /etc/rbac/cmd_priv file:


# grep useradd /etc/rbac/cmd_priv
#/usr/sbin/useradd :dflt :(hpux.user.add,*) :0/0// :dflt :dflt :dflt :


The reason that this is commented out is because if you allow a user to run useradd they can create a user with a uidnumber of 0 and they now have a root account on the system.


In the cmd_priv file:


# The following entries are known to be equivalent to granting
# unconstrained root. Specifically, the commands may be used
# to obtain an account with uid=0.
#/usr/sbin/useradd :dflt :(hpux.user.add,*) :0/0// :dflt :dflt :dflt :




Re: RBAC Implementation

Use the correct path, that's sbin instead of bin. Problem resolved.

