SPOTD: The 5 Cent Tour of Solaris Role-Based Access Control

Sometimes when trying to fix a problem or writing some piece of code I realise I only have a very vague idea how to go about attacking it. Usually there's a fair bit of documentation, but lacking a clear idea of what exactly I need I have no idea where to start reading...

And that's why it's nice to have water coolers (be it the real ones in the break room or the virtual ones on IM or IRC): you can usually find someone who knows more about the stuff that puzzles you, who will happily explain how things fit together, providing the big picture so that now you know where to start.

Having for a while now dabbled in things Trusted Solaris and Trusted Extensions I've also become more familiar with Solaris Role-Based Access Control, so I've been the one to provide the 5 minute "big picture" about those topics to a couple colleagues... so I thought it might be useful to do something similar for people that I tend to not run into at the water cooler...

This 5 cent tour of Solaris Role-Based Access Control is a five minute overview of the main bits and pieces of RBAC. It's not meant to replace the documentation: it's a rough guide, providing enough background to maybe have a go at making root a role on your system, or to help find your way in the man pages and maybe set up your system for dual-role administration...

<script type="text/javascript" src="http://blip.tv/scripts/pokkariPlayer.js"></script><script type="text/javascript" src="http://blip.tv/syndication/write_player?skin=js&posts_id=236363&source=3&autoplay=true&file_type=flv&player_width=&player_height="></script>
A brief overview of the main concepts and components of Solaris RBAC (Role-Based Access Control).

The video is also available in QuickTime (30MB) or Shockwave Flash (3MB).

I'm considering doing one of these around Trusted Extensions; if you'd find that interesting please do leave a comment (comments about this video are welcome too, obviously).

-Bart

Comments:

That is a fabulous intro to RBAC.

I enjoyed the presentation style and think it would be worth while create additional tours.

Posted by Shawn Ferry on May 17, 2007 at 02:21 PM PDT #

Great work. I, for one, would love to see one on TX.

Posted by Boyd Adamson on May 17, 2007 at 09:31 PM PDT #

Great stuff, thanks! I'd always been meaning to look into RBAC as a replacement for sudo, but until I saw this, I didn't have a clue how! One wee comment about the video: I'm not sure about the other versions, but with the embedded one, it was difficult (and at some times, impossible) to see what was happening in the CLI snippets. Maybe higher resolution videos would work better?

Posted by Graeme Mathieson on May 25, 2007 at 09:15 PM PDT #

Oh, and I've no idea what I'd use Trusted Extensions for right now, but I'm sure a 5-cent introduction would inspire me. :-)

Posted by Graeme Mathieson on May 25, 2007 at 09:17 PM PDT #

I realised after I'd done the video that the font size on the terminal wouldn't work well... so the next one I'll make sure to use a larger font.

(On the high resolution ones the text is less smudged so somewhat more readable, but it's not quite large)

-Bart

Posted by Bart Blanquart on May 26, 2007 at 06:09 AM PDT #

Great intro to RBAC. I particularly liked the whiteboard style of presentation. Would be great if you can do one on trusted extensions as you are planning.

Posted by Anand Atre on November 08, 2007 at 02:25 AM PST #

Great job,

I noticed a few comments about TX. For me, it was difficult to get my head around when reading the documentation, but ended up being quite simple in the end.

Here's some stuff I've put together on it, including some example configs:

http://web.mac.com/robert.bailey/iWeb/Fun%20in%20the%20Sun/Trusted%20Extensions/Trusted%20Extensions_files/home-tx-security.pdf

or:

http://web.mac.com/robert.bailey

Posted by Robert Bailey on March 23, 2008 at 11:05 PM PDT #

Great intro to RBAC. I've no idea what I'd use Trusted Extensions for right now.

Posted by Darbas on October 16, 2008 at 01:24 AM PDT #

Great, Informative and a lot of fun. Thanks for that.

Posted by Allan on March 03, 2009 at 04:42 AM PST #

Realy intresting information "Sometimes when trying to fix a problem or writing some piece of code" i think you must have good admin and devoloper

Posted by Truffle oil on May 07, 2009 at 03:31 AM PDT #

liked the whiteboard style of presentation. Would be great if you can do one on trusted extensions as you are planning.

Posted by foot bunion on December 19, 2009 at 03:57 PM PST #

Role-Based Access Control is the way to go.. much like ACLs give extra layer of protection...

Posted by teeth bleaching on December 20, 2009 at 11:54 AM PST #

Post a Comment:
  • HTML Syntax: NOT allowed
About

This blog provides security vulnerability fix notifications relevant to third party software components distributed and supported as part of Oracle Products.
Summarized version of this blog is available as a mapping of CVEs and solutions.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
2
3
4
5
6
7
8
9
10
11
12
13
14
16
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today