Thursday May 27, 2010

Zones, X and Roles

My last two blog entries were actually written to set up this entry. What if I'm logged into the zone, have assumed a role and need to run a GUI? An example use case here would be assuming the role of oracle and wanting to run something like the Oracle Database Configuration Assistant (DBCA). For the purposes of this entry, however, I'll stick to the simple Python GUI I used in my previous entry.

[Read More]

Tuesday May 25, 2010

Roles

Of all the components of Solaris' Role Based Access Control (RBAC), roles are the easiest to implement. When I explain the concept of roles to people, they immediately get it.

OpenSolaris comes with a couple of roles pre-configured, most notably root. This has led to some frustration for newcomers to OpenSolaris as they don't understand why they can't log into their system as root.

But, as there is most likely no person in your organization named 'root', why do you want a user account on your system for a person that doesn't exist? Who is this root user and who's accountable for what they do on the system? Over time the password for the root user account always seems to proliferate. The principle of least privilege, another RBAC concept that I'm not addressing here, is meant to limit the need to hand out root access, but even in the absence of that, wouldn't it be nice to know who's doing what as root on your system?

[Read More]

Friday Dec 05, 2008

Understanding RBAC

Role Based Access Control or RBAC is a powerful feature of OpenSolaris. However, all of the moving pieces involved can make it somewhat hard to comprehend. In this blog entry I attempt to distill what I've come to understand.

[Read More]
About

The Observatory is a blog for users of Oracle Solaris. Tune in here for tips, tricks and more as we explore the Solaris operating system from Oracle.
