HPE Community
Operating System - HP-UX
1819866 Members
2584 Online
109607 Solutions
New Discussion

RBAC Implementaion

 
SOLVED
Go to solution
vishnu.khandare
Respected Contributor

‎04-13-2012 01:49 AM

‎04-13-2012 01:49 AM

RBAC Implementaion

Hi Friends,

 

I m facing n issues while implementing the RBAC, pls find belwo error.

 

$ privrun /usr/sbin/useradd new_user
privrun: authorization check failed

 

Is there any permission issue, do we need to provide the rbac dir.

 

Pls help to resolve

 

Regards

Vishnu

 

 

You should deserve before U desire!!!!
0 Kudos
Reply
2 REPLIES 2
Doug_Lamoureux
Advisor

‎04-26-2012 09:29 AM

‎04-26-2012 09:29 AM

Re: RBAC Implementaion

Does the user you are running the command as have the correct authorization?

 

1st check what roles the user has:

 

# roleadm list user=foo
foo:userAdmins

 

Then check what authorizations those roles have:

 

# authadm list role=userAdmins
userAdmins: (hpux.user.add, *)

 

To run the useradd command (via privrun) the user must have the hpux.user.add authorization  AND you must uncomment the useradd entry in the /etc/rbac/cmd_priv file:

 

# grep useradd /etc/rbac/cmd_priv
#/usr/sbin/useradd :dflt :(hpux.user.add,*) :0/0// :dflt :dflt :dflt :

 

The reason that this  is commented out is because if you allow a user to run useradd they can create a user with a uidnumber of 0 and they now have a root account on the system.

 

In the cmd_priv file:

 

# The following entries are known to be equivalent to granting
# unconstrained root. Specifically, the commands may be used
# to obtain an account with uid=0.
#
#/usr/sbin/useradd :dflt :(hpux.user.add,*)
:0/0// :dflt :dflt :dflt :

....

 

 

0 Kudos
Reply
vishnu.khandare
Respected Contributor

‎05-16-2012 02:07 AM

‎05-16-2012 02:07 AM

Solution

Re: RBAC Implementaion

use correct path thats sbin instead of bin, Problem resolved.

You should deserve before U desire!!!!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.