HP UX 11i Role-based Access Control (RBAC) Software manual HP-UX Rbac in Serviceguard Clusters

NOTE: Refer to the privrun(1m) and rbac(5) manpages for more about using the privrun command.

HP-UX RBAC in Serviceguard Clusters

Serviceguard does not support the use of HP-UX RBAC and privrun to grant access to Serviceguard commands. Serviceguard version A.11.16 implemented its own Role-Based Access Control by specifying Access Control Policies through package and cluster configuration files, providing cluster-aware policies for Serviceguard operations. The Serviceguard mechanism must be used for Role Based Access Control of Serviceguard operations. Refer to the latest Managing Serviceguard manual for additional details on Serviceguard Access Control Policies.

HP-UX RBAC can be used with non-Serviceguard commands in a Serviceguard cluster. The same HP-UX RBAC rules should be applied to all nodes in the cluster.

Using the Privilege Shells (privsh, privksh, privcsh) to Automatically Run Commands with Privilege

Using the privrun wrapper directly before every privileged command can present some usability challenges, especially in environments where the administrator is expected to run many privileged commands. With the most recent release of HP-UX RBAC (B.11.23.04), a set of privilege shells was introduced. These shells mirror their non-privileged counterparts in every way with one exception: for those commands that have a corresponding entry in the cmd_priv file, the privilege shell will automatically attempt to run the command with the specified privileges. If this fails, the shell will fallback to running the command normally, for example, without additional privileges.

This privilege shell behavior only takes affect for the commands directly invoked through the shell. If a privilege shell is used to invoke a script that does not appear in the cmd_priv file, but that script contains commands that do appear in the file, those commands will not be run with additional privileges. The only exception is if the shell interpreter is also a privilege shell, for example, when the first line of the script is: #!/usr/bin/privsh. Note that this behavior also applies to commands that invoke other commands. Only the command invoked by the privilege shell will exhibit privileged behavior, not the nest command. For example, if the following command was invoked from a privileged shell, none of the commands invoked from ksh would be run with privileges, even if the commands appeared in cmd_priv and the user was appropriately authorized:

#/usr/bin/ksh

Making use of a privilege shell is as simple as adding one of the supported shells to the user’s shell entry in the /etc/passwd file. This is typically accomplished using the chsh command. Note that administrators who wish to allow their users the ability to configure the privilege shells should add them to the /etc/shells file, if it exists, as this file limits the shells that a user may configure. For more information on the /etc/shells file, see shells(4). For more information on privilege shells, see privsh(5) .

Using the privedit Command to Edit Files Under Access Control

The privedit command allows authorized users to edit files they usually would not be able to edit because of file permissions or ACLs. After you invoke the command and identify the file you want to edit as an argument, privedit checks the /etc/rbac/cmd_privdatabase—just as privrun does—to determine the authorization required to edit the specified file. If the invoking user is authorized to edit the file, privedit invokes an editor on a copy of the file.

48 HP-UX Role-Based Access Control