RBAC - Assign web administration to given server
Assign user "nsserver" the ability to manage the web services
ServerName: mywebserver1
Rolename : web_admin
Username : nsserver
Profile : web_prof
Objective : Stop and Start the Web Server ( secure & non-secure )
Create a role
roleadd -u 400 -g 10 -d /export/home/web_admin -m web_admin
Assign Password to the role
passwd web_admin
cd /etc/security
cp prof_attr prof_attr.orig
edit the prof_attr file and add the below line
vi prof_attr
web_prof:::Permit stop and start of Web, coldfusion Server:
edit the exec_attr and add the below line
vi exec_attr
web_prof:suser:cmd:::/apps/iplanet/servers/https-mywebserver1.twcnyc.com/stop:uid=0
web_prof:suser:cmd:::/apps/iplanet/servers/https-mywebserver1.twcnyc.com/start:uid=0
web_prof:suser:cmd::: /apps/coldfusionmx/bin/coldfusion stop:uid=0
web_prof:suser:cmd::: /apps/coldfusionmx/bin/coldfusion start:uid=0
web_prof:suser:cmd:::/usr/bin/ls
web_prof:suser:cmd:::/usr/bin/wc
web_prof:suser:cmd:::/usr/bin/profiles
web_prof:suser:cmd:::/usr/bin/vi
web_prof:suser:cmd:::/usr/bin/more
web_prof:suser:cmd:::/usr/bin/id
web_prof:suser:cmd:::/usr/bin/gzip
web_prof:suser:cmd:::/usr/bin/roles
Use rolemod to assign the profile to the role
rolemod -P web_prof web_admin
Use the usermod command to assign the role to the user
usermod -R web_admin nsserver
Sunday, April 13, 2008
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment