RBAC - Role Based Access Control

What is RBAC ?

Role-based access control allows system administrators to
delegate the administrative control of parts of the system to
users.  Users can be given the ability to run commands with
additional privilege in two ways.  Either by assigning a
profile directly to the user, in which case no additional
authentication is required.  Or by creating a role.
It can also be used to build restrictive environments for
users by removing their ability to run commands they would normally
be allowed to.

OpenSolaris UserGroup RBAC presenation

Why use RBAC vs sudo (for Solaris)
(Note this may not apply to all OpenSolaris distributions)

• • RBAC is built into Solaris (since S8) and supported by Sun.
  • RBAC is documented, patched, updated and integrated throughout Solaris
  • RBAC is supported by the Solaris Management Console and WebMin GUI's
  • RBAC is integrated with SMF in Solaris 10.
  • RBAC is evaluated along with the rest of the OS during Common
          Criteria evaluations.  Sudo is not included in the evaluation.
  • RBAC actions are audited by the same CC evaluated audit facility used through Solaris
  • RBAC offers roles as well as the pfexec command which provides a similar capability to sudo.

Why use sudo rather than RBAC

• Cross platform
• Support for control of CLI arguments (see TODO list below)
• Support for setting per command environment (see TODO list below)

What about sudo & privileges ?

Having sudo be privilege aware would be great for OpenSolaris as well.  This would probably be done by adding new keywords to the sudoers grammar so that you can specify the privileges that the command should run with.  It would be very cool if someone could implement this and contribute it back to the main sudo branch.

RBAC Best Practices for OpenSolaris developers

The following best practice documents for using RBAC in developing
other parts of OpenSolaris can be found in the ARC community:

• When to use setuid vs RBAC roles

• Adding New authorisations to OpenSolaris

• Bulding RBAC Rights Profiles

RBAC TODO List

The following is a list of mini projects or RFEs that we know
we need to implement in the OpenSolaris RBAC framework to get
parity with sudo or to fill a customer need.

Please help us out by implementing one of these:

• Control of environment variables: 6227888
    Ability to set and clear any environment variable for a specific
    entry in exec_attr(4). 

• Control of command line args: 5097247
    Restrict which arguments to a command get the additional privilege,
    For example run passwd(1) but only with a user name not with any
    of the password aging options.

• Netgroups integration 4986798
    For all of the RBAC databases that make up a profile definition and
    assignment of it to a user (exec_attr, prof_attr, user_attr) control
    which hosts it is valid on using netgroups.  The currently unused
    "qualifier" field in user_attr(4) is intended for this as is one
    of the reserved fields in prof_attr(4).

History of RBAC in Solaris

The main stream Solaris first got RBAC in Solaris 8.  In Solaris 9 new profiles were added but no new core functionality from the framework.   In Solaris 10 RBAC was integrated with least privilege, SMF and SMC.

Trusted Solaris (now replaced by Trusted Extensions) had an RBAC system in all of its releases going back to the SunOS 4.1.3 based versions.  The implementation was slighly different but the basic concepts are the same.