# # RBAC
APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

RBAC

I've removed advertising from most of this site and will eventually clean up the few pages where it remains.

While not terribly expensive to maintain, this does cost me something. If I don't get enough donations to cover that expense, I will be shutting the site down in early 2020.

If you found something useful today, please consider a small donation.



Some material is very old and may be incorrect today

© December 2004 Tony Lawrence
2004/12/11

Role Based Access Control. Often part of a MAC (Mandatory Access Control) system, but can be present on a system where root still retains absolute power. Terminology varies widely with specific implementations, but there will be some set of defined privileges or authorizations that can be assigned to certain users or processes. For example, SCO OSR5 defines an authorization for backup (from the docs):



backup
    allows a user to perform backup subsystem administration;
    backup has the following default secondary authorizations:


    create_backup
        allows a user to create backups 

    queryspace
        allows a user to use the df command 

    restore
        allows a user to restore from backups 

More modern systems take this much farther. For example, Solaris 10 has privileges such that you could enforce logging of everything root does and (in theory, anyway) shut off the ability to change that. It is that last part that the flaw in most such systems: you aren't going to put root into a one way trap you can't get out of, but if you don't, anyone who has root access can undo your restrictions. In some extremely paranoid systems, there are such limitations and only a specific group of people can change them (visualize the two keys supposedly necessary to launch nuclear weapons).


If you found something useful today, please consider a small donation.



Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

->
-> RBAC


Inexpensive and informative Apple related e-books:

iOS 8: A Take Control Crash Course

El Capitan: A Take Control Crash Course

Are Your Bits Flipped?

Take Control of OS X Server

Digital Sharing Crash Course





More Articles by © Tony Lawrence





Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us


Printer Friendly Version





It is not only that there is no hiding place for the gods from the searching telescope and microscope; there is no such society any more as the gods once supported. (Joseph Campbell)




Linux posts

Troubleshooting posts


This post tagged:

Security

UnixWords



Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode