Log-in | en

What is RBAC ?

Role-based access control allows system administrators to
delegate the administrative control of parts of the system to
users.  Users can be given the ability to run commands with
additional privilege in two ways.  Either by assigning a
profile directly to the user, in which case no additional
authentication is required.  Or by creating a role.
It can also be used to build restrictive environments for
users by removing their ability to run commands they would normally
be allowed to.

OpenSolaris UserGroup RBAC presenation

Why use RBAC vs sudo (for Solaris)
(Note this may not apply to all OpenSolaris distributions)

    • RBAC is built into Solaris (since S8) and supported by Sun.
    • RBAC is documented, patched, updated and integrated throughout Solaris
    • RBAC is supported by the Solaris Management Console and WebMin GUI's
    • RBAC is integrated with SMF in Solaris 10.
    • RBAC is evaluated along with the rest of the OS during Common
            Criteria evaluations.  Sudo is not included in the evaluation.
    • RBAC actions are audited by the same CC evaluated audit facility used through Solaris
    • RBAC offers roles as well as the pfexec command which provides a similar capability to sudo.

Why use sudo rather than RBAC

  • Cross platform
  • Support for control of CLI arguments (see TODO list below)
  • Support for setting per command environment (see TODO list below)

What about sudo & privileges ?

Having sudo be privilege aware would be great for OpenSolaris as well.  This would probably be done by adding new keywords to the sudoers grammar so that you can specify the privileges that the command should run with.  It would be very cool if someone could implement this and contribute it back to the main sudo branch.

RBAC Best Practices for OpenSolaris developers

The following best practice documents for using RBAC in developing
other parts of OpenSolaris can be found in the ARC community:

RBAC TODO List

The following is a list of mini projects or RFEs that we know
we need to implement in the OpenSolaris RBAC framework to get
parity with sudo or to fill a customer need.

Please help us out by implementing one of these:

  • Control of environment variables: 6227888
      Ability to set and clear any environment variable for a specific
      entry in exec_attr(4). 
  • Control of command line args: 5097247
      Restrict which arguments to a command get the additional privilege,
      For example run passwd(1) but only with a user name not with any
      of the password aging options.
  • Netgroups integration 4986798
      For all of the RBAC databases that make up a profile definition and
      assignment of it to a user (exec_attr, prof_attr, user_attr) control
      which hosts it is valid on using netgroups.  The currently unused
      "qualifier" field in user_attr(4) is intended for this as is one
      of the reserved fields in prof_attr(4).

History of RBAC in Solaris

The main stream Solaris first got RBAC in Solaris 8.  In Solaris 9 new profiles were added but no new core functionality from the framework.   In Solaris 10 RBAC was integrated with least privilege, SMF and SMC.

Trusted Solaris (now replaced by Trusted Extensions) had an RBAC system in all of its releases going back to the SunOS 4.1.3 based versions.  The implementation was slighly different but the basic concepts are the same.

last modified by admin on 2009/10/26 12:10
 
Collectives
Project

Subsites
Code Reviews
Code Repositories
Package Search
Bugster
Bugzilla
Test Machines
Planet
Mailing Lists
Elections & Polls
ARC Case Logs
Source Juicer
Package Factory
User Authentication
Community Group security Pages

© Sun Microsystems Inc. 2009
XWiki Enterprise 1.8.2.19075 - Documentation
Terms Of Use | Privacy | Trademarks | Copyright Policy | Site Guidelines | Site map | Help
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Use.