HP UX 11i Role-based Access Control (RBAC) Software manual HP-UX Rbac Example Usage and Operation


Figure 3-1 HP-UX RBAC Architecture

[Architecture diagram; only its labels survive extraction.]

Privilege wrapper commands (/usr/sbin/): privrun, privedit, cmdprivadm, roleadm, authadm, rbacdbck

Access Control Policy Switch (ACPS): ACPS API (callers), ACPS SPI (policy modules); Access Control Policy Modules (ACPM): Local RBAC, Other Policy

Databases: Command, Auth, Privilege Database; User to Role Database; Role to Authorization Database; Valid System Roles Database; Valid System Auths Database

Existing components: PAM Service Modules; Name Service Switch; User Information (for example /etc/passwd); access-control-aware applications

KEY: Privilege Wrapper Commands; Access Control Switch; RBAC; Future; Existing Components

HP-UX RBAC Example Usage and Operation

Figure 3-2 “Example Operation After Invoking privrun” and the subsequent footnotes illustrate a sample invocation of privrun and the configuration files that privrun uses to determine whether a user is allowed to invoke a command.

Figure 3-2 Example Operation After Invoking privrun

[Flow diagram; only its labels survive extraction.]

1. Process (shell): cmd, args, UID
2. privrun
3. /etc/rbac/cmd_priv: Cmd (1:1) Operations, Objects; (MANY:MANY) Privs
4. /etc/rbac/user_role: Users (MANY:MANY) Roles, via ACPS; /etc/rbac/role_auth: Roles (MANY:MANY) Authorizations, via ACPS
5. Drop all but defined privs; Command w/ Privileges
32 HP-UX Role-Based Access Control
