Table 3-4 HP-UX RBAC Commands

Command                        Description
-----------------------------  -------------------------------------------------------------------
privrun                        Invokes a legacy application with privileges after performing
                               authorization checks and optionally re-authenticating the user.
privedit                       Allows authorized users to edit files that are under access control.
roleadm                        Edits role information in the /etc/rbac/user_role,
                               /etc/rbac/role_auth, and /etc/rbac/roles files.
authadm                        Edits authorization information in the /etc/rbac/role_auth and
                               /etc/rbac/roles files.
cmdprivadm                     Edits command authorizations and privileges in the
                               /etc/rbac/cmd_priv database.
rbacdbchk                      Verifies authorizations and syntax in the HP-UX RBAC and privrun
                               database files.
privsh, privcsh, and privksh   These shells automatically invoke the access control subsystem to
                               run commands with privileges when appropriate.

HP-UX RBAC Manpages

Table 3-5 “HP-UX RBAC Manpages” lists and briefly describes the HP-UX RBAC manpages.

Table 3-5 HP-UX RBAC Manpages

Manpage          Description
---------------  ------------------------------------------------------
rbac(5)          Describes the HP-UX RBAC feature.
acps(3)          Describes the ACPS and its interfaces.
acps.conf(4)     Describes the ACPS configuration file and its syntax.
acps_api(3)      Describes the ACPS Application Programming Interface.
acps_spi(3)      Describes the ACPS Service Provider Interface.
privrun(1m)      Describes privrun functionality and syntax.
privedit(1m)     Describes privedit functionality and syntax.
roleadm(1m)      Describes roleadm functionality and syntax.
authadm(1m)      Describes authadm functionality and syntax.
cmdprivadm(1m)   Describes cmdprivadm functionality and syntax.
rbacdbchk(1m)    Describes rbacdbchk functionality and syntax.
privsh(5m)       Overview of the privileged system shells.

HP-UX RBAC Architecture

The primary component of HP-UX RBAC is the privrun command, which invokes existing commands, applications, and scripts. The privrun command uses the ACPS subsystem to make access control requests. An access request is granted or denied based on a set of configuration files that define user-to-role and role-to-authorization mappings.

If the access request is granted, privrun invokes the target command with additional privileges, which can include one or more of a UID, a GID, fine-grained privileges, and a compartment. These privileges are configured per command (in the cmd_priv database) so that the target command has what it needs to run successfully; if no entry or no authorizing role matches, the request is denied.
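The following is an added example, not code from HP-UX or from this manual, that models the decision path just described: the user-to-role mapping, the role-to-authorization mapping, and the per-command privilege lookup that privrun performs before conferring privileges. The three sample "databases" are constructed inline; their layouts (`user: role`, `role: (operation, object)`, and a command-to-privilege dictionary), the user and role names, and the `privs` values are assumptions made for illustration, so consult rbac(5), cmdprivadm(1m) and roleadm(1m) for the real file syntax. In production these files are maintained with roleadm, authadm and cmdprivadm (Table 3-4) rather than edited by hand.

```python
"""Toy model of the HP-UX RBAC access decision (constructed example, not HP-UX code)."""
import fnmatch

# Constructed stand-in for /etc/rbac/user_role (assumed "user: role" layout).
USER_ROLE = """\
# user: role            -- constructed sample data
root: Administrator
jdoe: UserOperator
bob:  BackupOperator
"""

# Constructed stand-in for /etc/rbac/role_auth (assumed "role: (operation, object)"
# layout; "*" is a wildcard for an operation suffix or for the object).
ROLE_AUTH = """\
# role: (operation, object)   -- constructed sample data
Administrator:  (hpux.*, *)
UserOperator:   (hpux.user.*, *)
BackupOperator: (hpux.backup.tape, /dev/rmt/0m)
"""

# Constructed stand-in for the cmd_priv database: command -> (required operation,
# required object, privileges privrun confers on success). Layout is assumed.
CMD_PRIV = {
    "/usr/sbin/useradd": ("hpux.user.add",    "*",           {"euid": 0}),
    "/usr/sbin/userdel": ("hpux.user.delete", "*",           {"euid": 0}),
    "/usr/sbin/fbackup": ("hpux.backup.tape", "/dev/rmt/0m", {"euid": 0, "privs": ["DACREAD"]}),
}


def _config_lines(text):
    """Yield non-empty lines with '#' comments stripped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line


def parse_user_roles(text):
    """'user: role' lines -> {user: {role, ...}}; a user may hold several roles."""
    roles = {}
    for line in _config_lines(text):
        user, role = (p.strip() for p in line.split(":", 1))
        roles.setdefault(user, set()).add(role)
    return roles


def parse_role_auths(text):
    """'role: (operation, object)' lines -> {role: [(operation, object), ...]}."""
    auths = {}
    for line in _config_lines(text):
        role, rest = (p.strip() for p in line.split(":", 1))
        op, obj = (p.strip() for p in rest.strip("()").split(",", 1))
        auths.setdefault(role, []).append((op, obj))
    return auths


def op_matches(pattern, operation):
    """Dot-separated operation match: 'hpux.user.*' covers 'hpux.user.add' and
    'hpux.*' covers every hpux operation; anything else must match exactly."""
    if pattern == "*":
        return True
    if pattern.endswith(".*"):
        return operation.startswith(pattern[:-1])   # keep the trailing dot
    return pattern == operation


def obj_matches(pattern, obj):
    """Object match: '*' means any object, otherwise shell-style exact match."""
    return fnmatch.fnmatchcase(obj, pattern)


def authorizing_role(user, operation, obj, user_roles, role_auths):
    """Return the first of the user's roles that grants (operation, object), else None.
    No match means denial: the mapping is fail-closed."""
    for role in sorted(user_roles.get(user, ())):
        for pat_op, pat_obj in role_auths.get(role, ()):
            if op_matches(pat_op, operation) and obj_matches(pat_obj, obj):
                return role
    return None


def privrun(user, command, user_roles=None, role_auths=None, cmd_priv=CMD_PRIV):
    """Model privrun's decision: find the command's required authorization, check it
    through the user's roles, and return (granted, detail). On success detail is the
    privilege set to apply (plus the authorizing role); on denial it is the reason."""
    user_roles = user_roles if user_roles is not None else parse_user_roles(USER_ROLE)
    role_auths = role_auths if role_auths is not None else parse_role_auths(ROLE_AUTH)
    entry = cmd_priv.get(command)
    if entry is None:
        return False, f"{command}: no cmd_priv entry, nothing to confer"
    operation, obj, privileges = entry
    role = authorizing_role(user, operation, obj, user_roles, role_auths)
    if role is None:
        return False, f"{user}: no role authorized for ({operation}, {obj})"
    return True, {"role": role, **privileges}


if __name__ == "__main__":
    for user, cmd in [("jdoe", "/usr/sbin/useradd"), ("bob", "/usr/sbin/useradd"),
                      ("bob", "/usr/sbin/fbackup"), ("root", "/usr/sbin/fbackup"),
                      ("jdoe", "/usr/bin/vi")]:
        print(f"{user:5} {cmd:20} -> {privrun(user, cmd)}")
```

Two points the model makes visible: a command with no cmd_priv entry is denied even for a user holding a broad role, because there is nothing for privrun to confer, and the object field narrows an authorization (BackupOperator can run fbackup only against the one tape device named in its authorization). The real rbacdbchk command exists to catch inconsistencies between these databases before privrun consults them.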

Figure 3-1 “HP-UX RBAC Architecture” illustrates the HP-UX RBAC architecture.

HP-UX RBAC Components 31
