Displaying RBAC Assignments
If the auths, profiles, and roles commands are used without command-line
arguments, the authorizations, profiles, and roles assigned to the current user
account are listed. To list the authorizations, profiles, and roles assigned to
another user account, specify the user account as a command-line argument.
For example:
$ auths root
solaris.*,solaris.grant
$ profiles root
All
$ roles root
roles: root : No roles
$
In the previous example, the auths command shows that root is assigned all
Solaris authorizations, including grant. The profiles command shows root
is assigned all profiles, and the roles command shows that no roles are
assigned to root.
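An added example, not from the original text: a small shell audit that reads the comma-separated list printed by auths for each account and flags entries as broad as the ones root holds above. The function names, the "user auths" input layout, and the rule that any name ending in .grant is treated like solaris.grant are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the book): flag broad RBAC authorizations.
# Input: one "user auths" line per account, where auths is the
# comma-separated list printed by `auths user`. On a Solaris host:
#   for u in root alice; do printf '%s %s\n' "$u" "$(auths "$u")"; done | audit_auths

# classify_auth AUTH: prints "wildcard", "grant" or "ok".
# Assumption of this example: any name ending in ".grant" is treated
# like solaris.grant, and any name ending in ".*" as a wildcard.
classify_auth() {
    case "$1" in
        *.grant) echo grant ;;
        *.'*')   echo wildcard ;;
        *)       echo ok ;;
    esac
}

# audit_auths: reads "user auths" lines on stdin and prints
# "user authorization reason" for every entry that is not "ok".
audit_auths() {
    while read -r user auths; do
        [ -n "$user" ] || continue
        old_ifs=$IFS
        IFS=,
        set -f      # stop the shell from glob-expanding "solaris.*"
        for a in $auths; do
            reason=$(classify_auth "$a")
            [ "$reason" = ok ] || printf '%s %s %s\n' "$user" "$a" "$reason"
        done
        set +f
        IFS=$old_ifs
    done
}

# Constructed sample: the root line is the output shown above; the
# alice and opsrole lines are made up for illustration.
sample_input() {
    cat <<'EOF'
root solaris.*,solaris.grant
alice solaris.device.cdrw
opsrole solaris.jobs.grant,solaris.jobs.user
EOF
}

sample_input | audit_auths
```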
Role Management
The user_attr file can be edited using a text editor to add, delete, or change
roles, but a set of RBAC commands is available to make it easier. These are
the roleadd, roledel, and rolemod commands.
Creating a Role Using the roleadd Command
The roleadd(1M) command provides a quick method to add a new role. At a
minimum, the name of the role must be specified as a command-line argument.
Table 12.8 lists the command-line arguments supported by the roleadd command.
Table 12.8 Command-Line Arguments for the roleadd Command

Argument             Description
role                 Specifies the name of the new role (required).
-A authorizations    Specifies one or more authorizations (separated by commas).
-b base              Defines a base directory. If a home directory (-d) is not
                     specified, the role name is added to base and used as the
                     home directory.
-c comment           Specifies a comment that is placed in the comment (gcos)
                     field of the /etc/passwd file.
-d directory         Defines the home directory of the role.
(continued)