RBAC
2004/12/11Role Based Access Control. Often part of a MAC (Mandatory Access Control) system, but can be present on a system where root still retains absolute power. Terminology varies widely with specific implementations, but there will be some set of defined privileges or authorizations that can be assigned to certain users or processes. For example, SCO OSR5 defines an authorization for backup (from the docs):
backup
allows a user to perform backup subsystem administration;
backup has the following default secondary authorizations:
create_backup
allows a user to create backups
queryspace
allows a user to use the df command
restore
allows a user to restore from backups
More modern systems take this much farther. For example, Solaris 10 has privileges such that you could enforce logging of everything root does and (in theory, anyway) shut off the ability to change that. It is that last part that the flaw in most such systems: you aren't going to put root into a one way trap you can't get out of, but if you don't, anyone who has root access can undo your restrictions. In some extremely paranoid systems, there are such limitations and only a specific group of people can change them (visualize the two keys supposedly necessary to launch nuclear weapons).
Got something to add? Send me email.
Increase ad revenue 50-250% with Ezoic
Inexpensive and informative Apple related e-books:
Take Control of OS X Server
Take Control of Numbers
Yosemite Crash Course
Take Control of Upgrading to El Capitan
Take control of Apple TV, Second Edition
More Articles by Tony Lawrence
Find me on Google+
© 2009-11-07 Tony Lawrence
Printer Friendly Version
RBAC: Tech Words of the Day Copyright © December 2004 Tony Lawrence
Have you tried Searching this site?
Support RatesThis is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.
Contact us
Printer Friendly Version