04-14-2011 02:41 AM
In our environment we have 3 different applications team with more than 10 users per team. This team requires root access to run application commands and to edit certain configuration files and directories.
Apart from ACL and sudo Is it possible this can be achieved in HPUNIX RBAC, if yes please let me know the procedure to achieve this,.
Thanks in advance.
04-14-2011 04:53 AM
So, you can grant a group of users selective root access, but remember that this is stillroot access, meaning : There actions can severiliy impact the two other teams.
I think that what you can do with RBAC, is somewhat the same as what you can do with sudo : Allow regular users to do a few things as root. Althoug permission filtering is on another level.
Another option - if you are running HP-UX 11i v3 - is SRP. These creates some virtual subsystem within your server. You can grant root access to a team, which will only alow them to be root in there resource partition.
SRP comes very close to virtualization, but het HP-UX itself is the hypervisor and you don't need to install (and manage) yet another OS to run an application. You run the application directly on the hypervisor : HP-UX.
04-14-2011 07:47 AM