Table 12.1  Fields of the User Attributes Database

Field       Use
Name        Name of a user account (defined in the /etc/passwd file) or a role.
Qualifier   Reserved for future use (empty field).
Res1        Reserved for future use (empty field).
Res2        Reserved for future use (empty field).
Attributes  List of “key=value” pairs separated by semicolons that determines the
            attributes assigned to the user account or role. Valid keys are auths
            (name of one or more authorizations separated by commas), profiles
            (name of one or more profiles separated by commas), roles (one or
            more roles separated by commas), and type (set to “normal” if name is
            a regular user account or “role” if name is a role).
The following lists several sample entries from the /etc/user_attr file (wrapped lines are indented to improve readability):
prt_adm::::type=role;profiles=Printer Management;
    auths=solaris.system.date
prof_adm::::type=role;auths=solaris.profmgr.*
role_adm::::type=role;auths=solaris.role.*
user1::::type=normal;roles=prt_adm
user2::::type=normal;roles=prof_adm,role_adm
user3::::type=normal;auths=solaris.jobs.*;
    profiles=Printer Management;
    roles=prof_adm,role_adm
The following explains the sample entries of the /etc/user_attr file:
➤ The first entry defines the prt_adm role that is assigned the “Printer Management” profile. In addition, this role is assigned the authorization solaris.system.date, which allows the role to set the system date.
➤ The second entry defines the prof_adm role that is assigned all the authorizations relating to RBAC profile administration. Note that the * metacharacter can be used to denote any (same as the shell metacharacter).
➤ The third entry defines the role_adm role that is assigned all the authorizations relating to RBAC role administration.
➤ The fourth entry assigns the prt_adm role to the normal user account user1. Once logged in, user1 can use the su(1) command to become prt_adm and perform any tasks assigned to that role.
➤ The fifth entry assigns the prof_adm and role_adm roles to the normal user account user2. Once logged in, user2 can use the su(1) command to become prof_adm and role_adm. Then any tasks assigned to those roles can be performed.
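As an added illustration (not code from the book), the following Python sketch parses entries in the five-field format of Table 12.1 and reports which authorization patterns an account holds directly or can reach by assuming one of its roles. The function names are hypothetical, Python's fnmatch stands in for the shell-style * matching, and authorizations granted through profiles are not resolved because that mapping is not covered here.

```python
from fnmatch import fnmatchcase

# Constructed sample: the entries above, unwrapped; user4 is deliberately one colon short.
SAMPLE = """\
prt_adm::::type=role;profiles=Printer Management;auths=solaris.system.date
prof_adm::::type=role;auths=solaris.profmgr.*
role_adm::::type=role;auths=solaris.role.*
user1::::type=normal;roles=prt_adm
user2::::type=normal;roles=prof_adm,role_adm
user3::::type=normal;auths=solaris.jobs.*;profiles=Printer Management;roles=prof_adm,role_adm
user4:::type=normal;roles=role_adm
"""

LIST_KEYS = {"auths", "profiles", "roles"}  # keys whose values are comma-separated

def parse_user_attr(text):
    """Return ({name: attrs}, [(lineno, reason)]) for user_attr-style text."""
    entries, errors = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)  # name:qualifier:res1:res2:attributes
        if len(fields) != 5:
            errors.append((lineno, f"expected 5 fields, got {len(fields)}"))
            continue
        attrs = {}
        for pair in filter(None, (p.strip() for p in fields[4].split(";"))):
            key, sep, value = pair.partition("=")
            if not sep:
                errors.append((lineno, f"attribute without '=': {pair!r}"))
                continue
            key = key.strip()
            attrs[key] = ([v.strip() for v in value.split(",") if v.strip()]
                          if key in LIST_KEYS else value.strip())
        entries[fields[0]] = attrs
    return entries, errors

def reachable_auths(entries, user):
    """Map each auth pattern to its source: the user itself or an assumable role."""
    me = entries.get(user, {})
    found = {a: user for a in me.get("auths", [])}
    for role in me.get("roles", []):
        if entries.get(role, {}).get("type") == "role":  # skip dangling/non-role names
            for a in entries[role].get("auths", []):
                found.setdefault(a, role)
    return found

def is_authorized(entries, user, auth):
    return any(fnmatchcase(auth, pat) for pat in reachable_auths(entries, user))
```

Running reachable_auths over every type=normal account gives a quick review list of who can reach wildcard grants such as solaris.role.* and through which role.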