HP-UX Reference (11i v3 07/02) - 1M System Administration Commands N-Z (vol 4)

roleadm(1M) roleadm(1M)
If the specified user does not exist in the system and there exists the special user, DEFAULT, in the /etc/rbac/user_role database, then the roles listed for the specified user will be those of the DEFAULT user. In the event that there is more than one DEFAULT user defined in the /etc/rbac/user_role database, the system will recognize only the last one.
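The following audit sketch is an added example, not part of the HP-UX manual. It counts DEFAULT entries and shows which roles a user would be listed with under the rule above. It assumes each user_role line has the form name:role[,role...] (as in the entries shown under EXAMPLES), that the caller states whether the user exists in the system, and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Assumed line format: "name:role[,role...]"; lines starting with '#' are comments.

# write_sample PATH: constructed sample data, not taken from a real system.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample user_role database
DEFAULT:guest
John:administrator
&adm:administrator
DEFAULT:operator
EOF
}

# default_count FILE: number of DEFAULT entries. More than one means every
# entry except the last is ignored, which is worth flagging in a review.
default_count() {
    awk -F: '!/^[ \t]*#/ && NF >= 2 {
        n = $1; gsub(/[ \t]/, "", n); if (n == "DEFAULT") c++
    } END { print c + 0 }' "$1"
}

# listed_roles FILE USER EXISTS: roles reported for USER. EXISTS is "yes" or
# "no" (whether USER exists in the system; the caller decides this).
listed_roles() {
    awk -F: -v user="$2" -v exists="$3" '
        /^[ \t]*#/ || NF < 2 { next }
        { name = $1; roles = $2
          gsub(/[ \t]/, "", name); gsub(/[ \t]/, "", roles) }
        name == "DEFAULT" { dflt = roles; next }   # last DEFAULT line wins
        name == user      { own = (own == "" ? roles : own "," roles) }
        END { print (exists == "no" ? dflt : own) }
    ' "$1"
}

db=$(mktemp) && write_sample "$db"
echo "DEFAULT entries: $(default_count "$db")"
echo "nonexistent user 'tempuser' is listed with: $(listed_roles "$db" tempuser no)"
echo "existing user 'John' is listed with: $(listed_roles "$db" John yes)"
rm -f "$db"
```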
If sys is specified, then all the roles in the roles database, /etc/rbac/roles, will be listed.
When sys is specified, no other argument will be taken by roleadm.
Authorizations
In order to invoke roleadm, the user must either be root (running with effective uid of 0), or have the appropriate authorization(s). The following is a list of the required authorizations for running roleadm with particular options:
hpux.security.access.role.add,*
Allows user to run roleadm with "add" option.
hpux.security.access.role.delete,*
Allows user to run roleadm with "delete" option.
hpux.security.access.role.modify,*
Allows user to run roleadm with "modify" option.
hpux.security.access.role.assign,*
Allows user to run roleadm with "assign" option.
hpux.security.access.role.revoke,*
Allows user to run roleadm with "revoke" option.
hpux.security.access.role.list,*
Allows user to run roleadm with "list" option.
EXTERNAL INFLUENCES
Environment Variables
LC_MESSAGES determines the language in which messages are displayed.
International Code Set Support
Single-byte character code set is supported.
RETURN VALUE
Upon completion, roleadm returns one of the following values:
0 Success.
1 Failure. An appropriate error message is printed to stderr.
EXAMPLES
The following command will append the line administrator to /etc/rbac/roles file.
# roleadm add administrator
The following command will append the line &adm:administrator to the /etc/rbac/user_role file.
# roleadm assign "&adm" administrator
The following command will delete line accountant in /etc/rbac/roles file and other databases.
# roleadm delete accountant
The following command will delete line &adm:administrator from the /etc/rbac/user_role file.
# roleadm revoke "&adm" administrator
The following command will replace role name webAdmin with webMaster in /etc/rbac/roles, /etc/rbac/user_role, and /etc/rbac/role_auth.
# roleadm modify webAdmin webMaster
The following command will append line John:administrator to /etc/rbac/user_role file:
HP-UX 11i Version 3: February 2007 2 Hewlett-Packard Company 271