HP-UX 11i Security Containment Administrator's Guide for HP-UX 11i v2

NOTE: Refer to the privrun(1m) and rbac(5) manpages for more about using the privrun
command.
HP-UX RBAC in Serviceguard Clusters
Serviceguard does not support the use of HP-UX RBAC and privrun to grant access to
Serviceguard commands. Serviceguard version A.11.16 implemented its own Role-Based Access
Control by specifying Access Control Policies through package and cluster configuration files,
providing cluster-aware policies for Serviceguard operations. The Serviceguard mechanism must
be used for Role Based Access Control of Serviceguard operations. Refer to the latest Managing
Serviceguard manual for additional details on Serviceguard Access Control Policies.
HP-UX RBAC can be used with non-Serviceguard commands in a Serviceguard cluster. The
same HP-UX RBAC rules should be applied to all nodes in the cluster.
Using the Privilege Shells (privsh, privksh, privcsh) to Automatically Run Commands with Privilege
Using the privrun wrapper directly before every privileged command can present some usability
challenges, especially in environments where the administrator is expected to run many privileged
commands. With the most recent release of HP-UX RBAC (B.11.23.04), a set of privilege shells
was introduced. These shells mirror their non-privileged counterparts in every way but one:
for commands that have a corresponding entry in the cmd_priv file, the privilege shell
automatically attempts to run the command with the specified privileges. If this fails, the shell
falls back to running the command normally, that is, without additional privileges.
This privilege shell behavior only takes effect for commands invoked directly through the
shell. If a privilege shell is used to invoke a script that does not appear in the cmd_priv file, but
that script contains commands that do appear in the file, those commands will not be run with
additional privileges. The only exception is when the script's interpreter is itself a privilege shell,
for example, when the first line of the script is #!/usr/bin/privsh. Note that this behavior also
applies to commands that invoke other commands. Only the command invoked by the privilege
shell exhibits privileged behavior, not the nested command. For example, if the following
command were invoked from a privilege shell, none of the commands run from that ksh would
be run with privileges, even if those commands appeared in cmd_priv and the user was
appropriately authorized:
# /usr/bin/ksh
Making use of a privilege shell is as simple as setting one of the supported shells as the user's
shell entry in the /etc/passwd file. This is typically accomplished using the chsh command.
Note that administrators who wish to allow their users to configure the privilege shells
themselves should add them to the /etc/shells file, if it exists, as this file limits the shells a user
may configure. For more information on the /etc/shells file, see shells(4). For more information
on privilege shells, see privsh(5).
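Because a privilege shell turns every cmd_priv-listed command a user types into a privileged invocation, an administrator will want to know which accounts carry one of these shells and whether each such shell is actually sanctioned in /etc/shells. The following POSIX sh audit script is an added example and is not part of the HP-UX guide or of the RBAC product. It assumes the privilege shells live at /usr/bin/privsh, /usr/bin/privksh and /usr/bin/privcsh (only the first path appears on this page); the passwd and shells contents it reads are constructed samples written to a temporary directory so that it runs offline, and on a live system you would point the functions at /etc/passwd and /etc/shells instead.

```shell
#!/bin/sh
# Added audit example (not from the HP-UX manual): list accounts whose login
# shell is an HP-UX RBAC privilege shell, and flag any such shell that is not
# listed in the shells file. Sample file contents below are constructed.

# Assumed locations of the privilege shells (only /usr/bin/privsh is on the page).
PRIV_SHELLS="/usr/bin/privsh /usr/bin/privksh /usr/bin/privcsh"

# Constructed sample passwd and shells files in a temp directory, removed on exit.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
SAMPLE_PASSWD="$SAMPLE_DIR/passwd"
SAMPLE_SHELLS="$SAMPLE_DIR/shells"

cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:3::/:/sbin/sh
opadmin:x:101:20::/home/opadmin:/usr/bin/privksh
dbadmin:x:102:20::/home/dbadmin:/usr/bin/privsh
webdev:x:103:20::/home/webdev:/usr/bin/ksh
EOF

cat > "$SAMPLE_SHELLS" <<'EOF'
/sbin/sh
/usr/bin/sh
/usr/bin/ksh
/usr/bin/privksh
EOF

# Print "user shell" for every account whose login shell (field 7) is a
# privilege shell.  Usage: priv_shell_users PASSWD_FILE
priv_shell_users() {
    awk -F: -v list="$PRIV_SHELLS" '
        BEGIN { n = split(list, s, " "); for (i = 1; i <= n; i++) priv[s[i]] = 1 }
        $7 in priv { print $1, $7 }
    ' "$1"
}

# Print "user shell" for each privilege shell an account is configured with
# that does not appear in the shells file.  chsh would refuse such a shell,
# so an entry like this was most likely edited into passwd by hand and is
# worth reviewing.  Usage: unlisted_priv_shells PASSWD_FILE SHELLS_FILE
unlisted_priv_shells() {
    priv_shell_users "$1" | while read -r user shell; do
        grep -qx "$shell" "$2" || echo "$user $shell"
    done
}

# Counts, handy for a quick summary line in a report.
count_priv_shell_users() { priv_shell_users "$1" | wc -l | tr -d ' '; }
count_unlisted() { unlisted_priv_shells "$1" "$2" | wc -l | tr -d ' '; }

echo "Accounts using a privilege shell:"
priv_shell_users "$SAMPLE_PASSWD"
echo "Privilege shells in use but absent from the shells file:"
unlisted_priv_shells "$SAMPLE_PASSWD" "$SAMPLE_SHELLS"
```

With the constructed sample data the first report lists opadmin and dbadmin, and the second flags only dbadmin, because /usr/bin/privsh is not in the sample shells file. Running the same two functions against the real /etc/passwd and /etc/shells gives the same two views of a production node; in a Serviceguard cluster, where the page says the same RBAC rules should apply on every node, comparing this output across nodes is a cheap consistency check.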
Using the privedit Command to Edit Files Under Access Control
The privedit command allows authorized users to edit files they would not usually be able
to edit because of file permissions or ACLs. After you invoke the command with the file you
want to edit as an argument, privedit checks the /etc/rbac/cmd_priv database—just as
privrun does—to determine the authorization required to edit the specified file. If the invoking
user is authorized to edit the file, privedit invokes an editor on a copy of the file.
48 HP-UX Role-Based Access Control