User defined roles on Linux

dtklein root at nachtmaus.us
Wed Aug 11 15:53:31 UTC 2010


Many places use sudo and groups to provide RBAC capabilities. In general, one is allowed to execute a command with raised privilege if they meet the union of (command, user/group, machine) as defined in the sudoers file (or even better, put in the patch to mate up sudo to LDAP).

--
david t. klein

Cisco Certified Network Associate (CSCO11281885)
Linux Professional Institute Certification (LPI000165615)
Redhat Certified Engineer (805009745938860)

Quis custodiet ipsos custodes?


-----Original Message-----
From: "S, Senthilprabu (NSN - IN/Bangalore)" <senthilprabu.s at nsn.com>
Sender: redhat-sysadmin-list-bounces at redhat.com
Date: Wed, 11 Aug 2010 23:06:02 
To: <redhat-sysadmin-list at redhat.com>
Reply-To: redhat-sysadmin-list at redhat.com
Subject: User defined roles on Linux

Hello All, 
    I am a newbie to Linux and SELinux as well, so I apologize if my question is stupid. All these days, I have been playing with Solaris. I have implemented user profiles and associated them with roles using RBAC on Solaris to let a set of users run my application. Users assuming my role can only start, stop and troubleshoot the application, and cannot execute any other commands. Now, after the RHEL 5.5 migration, I am trying to implement similar roles here too. After going through various RHEL manuals, I assume that SELinux can be used to define RBAC roles to some extent, even though its main feature is to implement Mandatory Access Control (MAC). I see a few pre-defined roles like sysadm_r and staff_u. Now my question: is it possible to create user-defined roles on RHEL 5.5 using SELinux and assign them to shared OS accounts? If it is possible, but not through SELinux, please let me know how it can be done.



Thanks in advance,
Senthil Prabu.S
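
The sudo-and-groups approach from the reply above, written out as an added example that is not part of either message: a sudoers fragment that limits one group to starting, stopping and troubleshooting a single application on named machines. The group `myappops`, the hosts `app01`/`app02`, the service `myapp` and the log path are hypothetical names chosen for illustration.

```sudoers
# Constructed example; edit with visudo so a syntax error cannot lock sudo out.
# Hypothetical names: group "myappops", hosts app01/app02, service "myapp".

# Machine part of the (command, user/group, machine) tuple.
Host_Alias  MYAPP_HOSTS = app01, app02

# Command part: full paths with fixed arguments and no wildcards, so
# "service myapp start" is allowed but "service sshd stop" is not.
Cmnd_Alias  MYAPP_CTL   = /sbin/service myapp start, \
                          /sbin/service myapp stop, \
                          /sbin/service myapp status

# Troubleshooting is limited to reading one log file with fixed arguments.
Cmnd_Alias  MYAPP_DIAG  = /usr/bin/tail -n 200 /var/log/myapp/myapp.log

# User/group part: membership in the Unix group is what grants the role.
# A tag such as NOEXEC applies to every command listed after it, so MYAPP_CTL
# comes first: /sbin/service is a script that must be able to run the init
# script, while the diagnostic command is not allowed to spawn anything else.
%myappops   MYAPP_HOSTS = (root) MYAPP_CTL, NOEXEC: MYAPP_DIAG
```

Members of the group run the commands as `sudo /sbin/service myapp stop`, and `sudo -l` lists exactly what the role permits on the current host.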

