RBAC Changes in a Name Service Environment
If any name service other than /etc files is being used (that is, NIS, NIS+, or
LDAP), the Name Service Cache Daemon (nscd) must be stopped and
restarted in order for any RBAC changes to take effect:
# /etc/init.d/nscd stop
# /etc/init.d/nscd start
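The following script is an added example, not part of the original text. It reads an nsswitch.conf-format file and reports whether any RBAC-related database is served by a source other than files, which is the condition under which the restart above is required. The function names, the list of database keys in RBAC_DBS, and the two sample configurations are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original text.
# Assumption: RBAC data is looked up under these nsswitch.conf database keys.
RBAC_DBS="passwd user_attr auth_attr prof_attr exec_attr"

# Print "database source" for each non-"files" source of an RBAC database.
rbac_nonfile_sources() {
    awk -v dbs="$RBAC_DBS" '
        BEGIN { n = split(dbs, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        {
            sub(/#.*/, "")              # strip comments
            gsub(/\[[^]]*\]/, " ")      # strip criteria such as [NOTFOUND=return]
            if ($0 !~ /:/) next
            db = $0; sub(/:.*/, "", db); gsub(/[ \t]/, "", db)
            if (!(db in want)) next
            rest = $0; sub(/^[^:]*:/, "", rest)
            m = split(rest, src, /[ \t]+/)
            for (j = 1; j <= m; j++)
                if (src[j] != "" && src[j] != "files") print db, src[j]
        }' "$1"
}

# Succeeds (exit 0) when a name service other than files serves RBAC data.
rbac_needs_nscd_restart() {
    [ -n "$(rbac_nonfile_sources "$1")" ]
}

# Constructed sample configurations, written to a scratch directory.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/files_only" <<'EOF'
passwd:     files
hosts:      files dns
auth_attr:  files
prof_attr:  files
EOF
cat > "$SAMPLE_DIR/with_ldap" <<'EOF'
passwd:     files ldap      # users also come from LDAP
hosts:      files dns
auth_attr:  files
prof_attr:  ldap [NOTFOUND=return] files
EOF

for conf in "$SAMPLE_DIR/files_only" "$SAMPLE_DIR/with_ldap"; do
    if rbac_needs_nscd_restart "$conf"; then
        echo "$conf: restart nscd after RBAC changes"
    else
        echo "$conf: files only, no nscd restart needed"
    fi
done
```

On a real host, pass /etc/nsswitch.conf to rbac_needs_nscd_restart instead of the sample files.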
Summary
Access Control Lists (ACLs) provide a method to extend the permissions
associated with files and directories. Standard Unix permissions support only
three types of users: the owner, a group, and everyone else. Using ACLs,
unique permissions can be assigned to additional users and groups.
The Role-Based Access Control (RBAC) capability gets away from the
all-or-nothing approach to system administration that is associated with the
superuser account and allows specific sets of authorizations and rights to be
grouped into roles. These roles can be used to spread system administration
responsibilities across multiple accounts without compromising system
security.