HP-UX 11i Security Containment Administrator's Guide for HP-UX 11i v2
HP-UX RBAC Example Usage and Operation
Planning the HP-UX RBAC Deployment
Step 1: Planning the Roles
Step 2: Planning Authorizations for the Roles
Step 3: Planning Command Mappings
HP-UX RBAC Limitations and Restrictions
Configuring HP-UX RBAC
Step 1: Configuring Roles
Creating Roles
Assigning Roles to Users
Assigning Roles to Groups
Step 2: Configuring Authorizations
Step 3: Configuring Additional Command Authorizations and Privileges
Hierarchical Roles
Overview
Examples of Hierarchical Roles
Changes to the authadm Command for Hierarchical Roles
Hierarchical Roles Considerations
Configuring HP-UX RBAC with Fine-Grained Privileges
Configuring HP-UX RBAC with Compartments
Configuring HP-UX RBAC to Generate Audit Trails
Auditing Based on HP-UX RBAC Criteria and the /etc/aud_filter File
Procedure for Auditing HP-UX RBAC Criteria
Using HP-UX RBAC
Using the privrun Command to Run Applications with Privileges
HP-UX RBAC in Serviceguard Clusters
Using the Privilege Shells (privsh, privksh, privcsh) to Automatically Run Commands with Privilege
Using the privedit Command to Edit Files Under Access Control
Customizing privrun and privedit Using the ACPS
Troubleshooting HP-UX RBAC
The rbacdbchk Database Syntax Tool
privrun -v Information
4 Fine-Grained Privileges
Overview
Fine-Grained Privileges Components
Commands
Manpages
Available Privileges
Configuring Applications with Fine-Grained Privileges
Privilege Model
Compound Privileges
Security Implications of Fine-Grained Privileges
Privilege Escalation
Fine-Grained Privileges in HP Serviceguard Clusters
Troubleshooting Fine-Grained Privileges
5 Compartments
Overview
Compartment Architecture
Default Compartment Configuration
Planning the Compartment Structure