Re: RBAC Implementation (153 Views)
Respected Contributor
vishnu.khandare
Posts: 194
Registered: ‎09-12-2010
Message 1 of 3 (182 Views)
Accepted Solution

RBAC Implementation

Hi Friends,

I am facing an issue while implementing RBAC; please find the error below.

$ privrun /usr/sbin/useradd new_user
privrun: authorization check failed

Is there a permission issue? Do we need to provide the RBAC dir?

Please help to resolve.

Regards

Vishnu

You should deserve before U desire!!!!
HP Pro
Doug_Lamoureux
Posts: 11
Registered: ‎11-30-2011
Message 2 of 3 (166 Views)

Re: RBAC Implementation

Does the user you are running the command as have the correct authorization?

First, check what roles the user has:

# roleadm list user=foo
foo:userAdmins

Then check what authorizations those roles have:

# authadm list role=userAdmins
userAdmins: (hpux.user.add, *)

To run the useradd command (via privrun), the user must have the hpux.user.add authorization AND you must uncomment the useradd entry in the /etc/rbac/cmd_priv file:

# grep useradd /etc/rbac/cmd_priv
#/usr/sbin/useradd :dflt :(hpux.user.add,*) :0/0// :dflt :dflt :dflt :

The reason this is commented out is that if you allow a user to run useradd, they can create a user with a UID number of 0, and they now have a root account on the system.

In the cmd_priv file:

# The following entries are known to be equivalent to granting
# unconstrained root. Specifically, the commands may be used
# to obtain an account with uid=0.
#
#/usr/sbin/useradd :dflt :(hpux.user.add,*) :0/0// :dflt :dflt :dflt :

....

Respected Contributor
vishnu.khandare
Posts: 194
Registered: ‎09-12-2010
Message 3 of 3 (153 Views)

Re: RBAC Implementation

Use the correct path, that's sbin instead of bin. Problem resolved.

You should deserve before U desire!!!!
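
The two causes raised in this thread (a commented-out cmd_priv entry, and a command path that differs from the one in the entry) can be told apart with a small check. This is an added example, not part of the original posts: the helper name `cmd_priv_status` is hypothetical, the field layout is assumed from the entry quoted in message 2, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report how a command path appears in a
# cmd_priv-style file. Field layout assumed from the entry quoted above:
#   command :args :(authorization,object) :uid/gid :...
# Prints: active | commented | other-path:<path> | missing

cmd_priv_status() {   # hypothetical helper name
    file=$1 cmd=$2
    awk -v cmd="$cmd" '
        BEGIN { n = split(cmd, p, "/"); base = p[n]; state = "missing" }
        {
            line = $0; commented = 0
            # A leading "#" marks a disabled entry (or a plain comment).
            if (line ~ /^[ \t]*#/) { commented = 1; sub(/^[ \t]*#[ \t]*/, "", line) }
            if (line !~ /^\//) next          # not an entry: prose comment or blank
            split(line, f, ":")
            path = f[1]; sub(/[ \t]+$/, "", path)
            m = split(path, q, "/")
            if (path == cmd) {
                if (!commented) { state = "active"; exit }
                state = "commented"
            } else if (q[m] == base && state == "missing") {
                state = "other-path:" path   # same command name, different directory
            }
        }
        END { print state }
    ' "$file"
}

# Constructed sample file; the /opt/example entry is invented for the demo.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# The following entries are known to be equivalent to granting
# unconstrained root.
#
#/usr/sbin/useradd :dflt :(hpux.user.add,*) :0/0// :dflt :dflt :dflt :
/opt/example/bin/rotate :dflt :(example.rotate,*) :0/0// :dflt :dflt :dflt :
EOF

for c in /usr/sbin/useradd /usr/bin/useradd /opt/example/bin/rotate /usr/sbin/userdel; do
    printf '%s -> %s\n' "$c" "$(cmd_priv_status "$sample" "$c")"
done
```

On a real system, point the function at /etc/rbac/cmd_priv; any entry listed under the "equivalent to granting unconstrained root" comment that reports `active` deserves review.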