Table 12.1 Fields of the User Attributes Database

Field        Use
Name         Name of a user account (defined in the /etc/passwd file) or a role.
Qualifier    Reserved for future use (empty field).
Res1         Reserved for future use (empty field).
Res2         Reserved for future use (empty field).
Attributes   List of “key=value” pairs separated by semicolons that determines the
             attributes assigned to the user account or role. Valid keys are auths
             (name of one or more authorizations separated by commas), profiles
             (name of one or more profiles separated by commas), roles (one or
             more roles separated by commas), and type (set to “normal” if name is
             a regular user account or “role” if name is a role).

The following lists several sample entries from the /etc/user_attr file
(wrapped lines are indented to improve readability):

prt_adm::::type=role;profiles=Printer Management;
    auths=solaris.system.date
prof_adm::::type=role;auths=solaris.profmgr.*
role_adm::::type=role;auths=solaris.role.*
user1::::type=normal;roles=prt_adm
user2::::type=normal;roles=prof_adm,role_adm
user3::::type=normal;auths=solaris.jobs.*;
    profiles=Printer Management;
    roles=prof_adm,role_adm

The following explains the sample entries of the /etc/user_attr file:

The first entry defines the prt_adm role, which is assigned the “Printer Management” profile. In addition, this role is assigned the authorization solaris.system.date, which allows the role to set the system date.

The second entry defines the prof_adm role, which is assigned all the authorizations relating to RBAC profile administration. Note that the * metacharacter can be used as a wildcard to denote any value (as with the shell metacharacter).

The third entry defines the role_adm role, which is assigned all the authorizations relating to RBAC role administration.

The fourth entry assigns the prt_adm role to the normal user account user1. Once logged in, user1 can use the su(1) command to become the prt_adm role and perform any tasks assigned to that role.

The fifth entry assigns the prof_adm and role_adm roles to the normal user account user2. Once logged in, user2 can use the su(1) command to become the prof_adm and role_adm roles. Then any tasks assigned to those roles can be performed.
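
The field layout and sample entries above, parsed in an added example (not code from the original text) that rejects malformed lines and lists the authorizations each normal account can reach directly or by assuming its roles. The function names and SAMPLE are assumptions of this example; authorizations granted through profiles are not resolved, because profile definitions are not part of this file.

```python
# Added example: parse user_attr-style entries and list reachable authorizations.
# SAMPLE is constructed from the entries shown above, one entry per line.
SAMPLE = """\
# name:qualifier:res1:res2:attr
prt_adm::::type=role;profiles=Printer Management;auths=solaris.system.date
prof_adm::::type=role;auths=solaris.profmgr.*
role_adm::::type=role;auths=solaris.role.*
user1::::type=normal;roles=prt_adm
user2::::type=normal;roles=prof_adm,role_adm
user3::::type=normal;auths=solaris.jobs.*;profiles=Printer Management;roles=prof_adm,role_adm
"""
LIST_KEYS = {"auths", "profiles", "roles"}  # keys whose values are comma-separated

def parse_entry(line):
    """Split one entry into (name, attrs); reject malformed lines."""
    fields = line.strip().split(":", 4)
    if len(fields) != 5:
        raise ValueError(f"expected 5 colon-separated fields: {line!r}")
    name, qualifier, res1, res2, attr = fields
    if qualifier or res1 or res2:
        raise ValueError(f"reserved fields must be empty: {line!r}")
    attrs = {}
    for pair in filter(str.strip, attr.split(";")):
        key, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"not a key=value pair: {pair!r}")
        items = [v.strip() for v in value.split(",") if v.strip()]
        key = key.strip()
        attrs[key] = items if key in LIST_KEYS else value.strip()
    return name, attrs

def parse_user_attr(text):
    """Parse all entries, skipping blank lines and # comments."""
    lines = (l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#"))
    return dict(parse_entry(l) for l in lines)

def reachable_auths(db, name):
    """Authorizations held directly plus those of every role the account may assume."""
    entry = db[name]
    auths = set(entry.get("auths", []))
    for role in entry.get("roles", []):
        if db.get(role, {}).get("type") != "role":
            raise ValueError(f"{name} references {role!r}, which is not a role")
        auths |= set(db[role].get("auths", []))
    return auths

if __name__ == "__main__":
    db = parse_user_attr(SAMPLE)
    for account in sorted(n for n, a in db.items() if a.get("type") == "normal"):
        print(account, sorted(reachable_auths(db, account)))
```

An entry with only three colons before the attribute list fails the field-count check, and an account that names a non-role in its roles list raises an error instead of being silently ignored.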