Article Title: Introduction to the role management commands of Solaris 10.
In the previous article, I introduced the concepts behind Solaris 10 role management. This article describes how to create a role by using the relevant commands. The Solaris Management Console GUI is the preferred method for managing RBAC, but you can also use the command line interface. Although you can manually edit the local RBAC databases, it is strongly recommended that you do not edit them this way. The following commands can be used to manage access to tasks with RBAC. Table 1 lists the RBAC-related management commands.
Table 1 RBAC management commands

| Command name | Function description |
| --- | --- |
| auths | Displays the authorizations for a user. |
| makedbm | Generates a dbm file. |
| nscd | Name service cache daemon, which caches the user_attr, prof_attr and exec_attr databases. Use the svcadm command to restart the daemon. |
| pam_roles | Role account management module for PAM. Checks for the authorization to assume a role. |
| pfexec | Used by profile shells to execute commands with the security attributes specified in the exec_attr database. |
| policy.conf | The configuration file for system security policy. Lists granted authorizations, granted privileges, and other security information. The policy.conf file provides a way to grant specific rights profiles, specific authorizations, and specific privileges to all users. |
| profiles | Displays the rights profiles of the specified user. |
| roles | Displays the roles that a specified user can assume. |
| roleadd | Adds a role to the local system. |
| roledel | Deletes a role from the local system. |
| rolemod | Modifies the attributes of a role on the local system. |
| smattrpop | Merges the source security attribute database into the target database. Used to merge a local database into the name service. Also used for upgrades where no conversion script is supplied. |
| smexec | Manages entries in the exec_attr database. Requires authentication. |
| smmultiuser | Manages bulk operations on user accounts. Requires authentication. |
| smprofile | Manages rights profiles in the prof_attr and exec_attr databases. Requires authentication. |
| smrole | Manages roles and the users in role accounts. Requires authentication. |
| smuser | Manages user entries. Requires authentication. |
| useradd | Adds a user account to the system. The -P option specifies the role to the user account. |
| userdel | Deletes a user's login from the system. |
| usermod | Modifies the attributes of a user account on the system. |
The following sections show how to use the role management commands through specific examples.
Example 1: Create a local role from the command line:
- Assume the Primary Administrator role or become the root superuser.
- Use the roleadd command to create a local role on the command line. The command is as follows:
# roleadd -c comment -g group -m homedir -u UID -s shell -P profile rolename
Parameter description:
-c comment: A comment that describes rolename.
-g group: The group assignment for rolename.
-m homedir: The path to the home directory for rolename.
-u UID: The UID for rolename.
-s shell: The login shell for rolename. This shell must be a profile shell.
-P profile: One or more rights profiles for rolename.
rolename: The name of the new local role.
Note: After running the roleadd command, you must also run the usermod command to assign the role to a user.
Then, you must set a password for the role. The command is as follows:
- Assign the role to a local user. If you added a local role with the roleadd command, this step is required.
# usermod -u UID -R rolename
Parameter description:
-u UID: The UID of the user.
-R rolename: The role being assigned to the user.
- To make the changes take effect, restart the name service cache daemon. The command is as follows:
# svcadm restart system/name-service-cache
- To unlock the role account, you must create a password. If you added a local role with the roleadd command, this step is required.
% su rolename
Password: <type the rolename password>
Confirm Password: <retype the rolename password>
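
After the roleadd and usermod steps above, the result can be checked without editing the RBAC databases by hand. The following is an added example, not part of the original article: a read-only shell audit of a user_attr file that reports which users can assume which roles and flags mismatches. It assumes the user_attr(4) layout user:qualifier:res1:res2:attr; the user and role names in the sample are constructed.

```shell
#!/bin/sh
# Added example: read-only audit of a user_attr(4) file.
# Entry format: user:qualifier:res1:res2:attr, where attr is key=value;key=value

# Constructed sample entries, not taken from a real system.
sample_user_attr() {
    cat <<'EOF'
# comment lines are skipped
root::::auths=solaris.*,solaris.grant;profiles=All
oper::::type=role;profiles=Operator
audit::::type=role;profiles=Audit Review
jdoe::::type=normal;roles=oper
asmith::::type=normal;roles=oper,netadm
EOF
}

# audit_user_attr FILE prints one finding per line:
#   ASSIGN user role     user may assume role, and role is defined
#   UNDEFINED user role  user lists a role that has no type=role entry
#   UNASSIGNED role      role is defined but no user may assume it
audit_user_attr() {
    awk -F: '
    /^[ \t]*#/ || NF < 5 { next }   # skip comments, blanks, short lines
    {
        user = $1
        n = split($5, kv, ";")
        for (i = 1; i <= n; i++) {
            eq = index(kv[i], "=")
            key = substr(kv[i], 1, eq - 1)
            val = substr(kv[i], eq + 1)
            if (key == "type" && val == "role") isrole[user] = 1
            if (key == "roles") {
                m = split(val, r, ",")
                for (j = 1; j <= m; j++) { want[user, r[j]] = 1; used[r[j]] = 1 }
            }
        }
    }
    END {
        for (k in want) {
            split(k, p, SUBSEP)
            tag = (p[2] in isrole) ? "ASSIGN" : "UNDEFINED"
            print tag, p[1], p[2]
        }
        for (role in isrole) if (!(role in used)) print "UNASSIGNED", role
    }' "$1" | LC_ALL=C sort
}

# Usage: sh audit.sh /etc/user_attr
if [ $# -gt 0 ]; then audit_user_attr "$1"; fi
```

An UNDEFINED line means a user was given a role name that has no role entry, and an UNASSIGNED line means the usermod step was never run for that role.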