Understanding AIX Advanced Features: Easy role-based access control

Source: Internet
Author: User
Tags: file system, new features

Brief introduction

Traditionally, system security was controlled by a single user, root. The root user decides who can log in, who can access which data, which processes may enter kernel mode, and so on. The drawback of a single all-powerful account is that whoever takes control of root, legitimately or not, controls the whole system.

To reduce this exposure, recent releases of AIX (5.3 TL07 and 6.1) introduce new security features such as Role Based Access Control (RBAC) and Multilevel Security (MLS), together with features layered on the traditional root-centred model, such as Trusted Execution (TE) and the Encrypted File System (EFS).

This article explains, through examples, how to understand and apply new features such as RBAC and MLS.

Security Management Overview

Traditional mechanisms

Access to data (the relationship between a process and a file) is governed by discretionary access control (DAC). DAC has one blind spot: all privileges belong to a single user, root. Root can override any access control and perform any action, which is a serious security exposure.

In addition, the root account usually doubles as system administrator, security officer (the person who maintains the security policy), system operator (the person who performs day-to-day tasks), and several other positions. Because one account controls the system, no other user can constrain or even observe what that account does.

RBAC splits the roles and authorizations that root alone used to hold among several users. The remainder of this article explains how RBAC improves the security of the system.

RBAC

Traditional AIX systems have a limited set of authorizations that gate access to certain administrative commands. The following example shows that the passwd command is a setuid program: when a non-root user runs it, it executes with root's effective user ID, which is how it can modify /etc/security/passwd even though DAC would never allow that user to write the file directly.

The passwd command and other setuid programs

$ ls -l `which passwd`
-r-sr-xr-x  1 root   security   40014 May 07 2008 /usr/bin/passwd

# ls -l /etc/security/passwd
-rw-------  1 root   security    467 Mar 10 23:48  /etc/security/passwd

This is the risk: every setuid-root program is a path to root, so a flaw in any one of them can hand an attacker a root shell, and with it the ability to do anything on the system. Keeping an inventory of setuid programs, and checking that none of them is writable by anyone but root, is the minimum check a practitioner should run.
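The inventory described above, as an added example that is not part of the original article: it walks a directory tree, reports every regular file with the setuid bit set, and separately flags setuid files that are group- or world-writable (a setuid file a non-root user can modify is effectively a root backdoor). The sample tree it builds is constructed here to mirror the page's two listings (a setuid passwd, a 0600 /etc/security/passwd); it is not a real AIX system, and the paths are assumptions for illustration.

```python
import os
import stat
import tempfile


def find_setuid(root):
    """Return the sorted paths of regular files under `root` with the setuid bit set."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow symlinks while auditing
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                hits.append(path)
    return sorted(hits)


def risky_setuid(root):
    """Setuid files that are group- or world-writable: anyone who can write them owns root."""
    risky = []
    for path in find_setuid(root):
        mode = os.lstat(path).st_mode
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            risky.append(path)
    return risky


def make_sample_tree():
    """Constructed sample tree (not a real system) mirroring the page's two ls listings."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "bin"))
    os.makedirs(os.path.join(root, "etc", "security"))

    passwd_cmd = os.path.join(root, "bin", "passwd")
    with open(passwd_cmd, "w") as f:
        f.write("#!/bin/sh\necho passwd\n")
    os.chmod(passwd_cmd, 0o4555)          # -r-sr-xr-x, like /usr/bin/passwd on the page

    ls_cmd = os.path.join(root, "bin", "ls")
    with open(ls_cmd, "w") as f:
        f.write("#!/bin/sh\necho ls\n")
    os.chmod(ls_cmd, 0o555)               # ordinary executable, no setuid bit

    bad_cmd = os.path.join(root, "bin", "leftover")
    with open(bad_cmd, "w") as f:
        f.write("#!/bin/sh\necho leftover\n")
    os.chmod(bad_cmd, 0o4777)             # setuid AND world-writable: the dangerous case

    shadow = os.path.join(root, "etc", "security", "passwd")
    with open(shadow, "w") as f:
        f.write("")
    os.chmod(shadow, 0o600)               # -rw-------, like /etc/security/passwd on the page
    return root


if __name__ == "__main__":
    tree = make_sample_tree()
    print("setuid files:", find_setuid(tree))
    print("writable setuid files:", risky_setuid(tree))
```

On a real AIX box the same walk would start at / and the setuid hits should be compared against a known-good baseline taken at install time; any new entry is worth an explanation before it is trusted.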

Even before AIX 6.1, a portion of root's power could be delegated to a non-root user. Different root tasks (commands) require different authorizations; the authorizations are grouped into roles, and the roles are assigned to users:

Task -> Authorization

Authorization -> Role

Role -> User

However, root remains the single supreme authority: this delegation does not restrict root, so anyone who can become root can still do anything.
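The Task -> Authorization -> Role -> User chain above, as an added example that is not code from the article or from AIX itself. It parses role and user definitions written in the stanza style of AIX's /etc/security files (a `name:` line followed by indented `key=value` lines), resolves a user's roles, including roles that inherit other roles through `rolelist`, to the set of authorizations they carry, and answers whether that user may run a given task. The stanza text, the role names, and the task-to-authorization table are constructed for illustration; the one behaviour the article states, that root bypasses the whole check, is reproduced in `may_run`.

```python
# Constructed role definitions, in the stanza layout AIX uses for /etc/security/roles.
ROLES_STANZAS = """\
* sample roles (constructed for this example)
ManageBasicUsers:
        authorizations=UserAdmin
        rolelist=

ManageAllPasswords:
        authorizations=PasswdAdmin
        rolelist=ManageBasicUsers
"""

# Constructed user definitions, in the layout of /etc/security/user.
USER_STANZAS = """\
alice:
        roles=ManageBasicUsers

bob:
        roles=ManageAllPasswords

carol:
        roles=
"""

# Task -> Authorization: which authorization each administrative task requires (assumed mapping).
TASK_AUTH = {
    "mkuser": "UserAdmin",
    "chpasswd": "PasswdAdmin",
    "chsec": "GroupAdmin",
}


def parse_stanzas(text):
    """Parse `name:` stanzas with `key=value` lines into {name: {key: [values]}}."""
    stanzas = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):      # '*' starts a comment in AIX stanza files
            continue
        if line.endswith(":"):
            current = line[:-1]
            stanzas[current] = {}
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            stanzas[current][key.strip()] = [v for v in (x.strip() for x in value.split(",")) if v]
        else:
            raise ValueError("malformed stanza line: %r" % raw)
    return stanzas


def role_authorizations(roles, name, seen=None):
    """Authorizations granted by a role, following `rolelist` inheritance without looping."""
    seen = seen if seen is not None else set()
    if name in seen or name not in roles:
        return set()
    seen.add(name)
    auths = set(roles[name].get("authorizations", []))
    for sub in roles[name].get("rolelist", []):
        auths |= role_authorizations(roles, sub, seen)
    return auths


def user_authorizations(users, roles, user):
    """Role -> User: union of the authorizations of every role assigned to the user."""
    auths = set()
    for role in users.get(user, {}).get("roles", []):
        auths |= role_authorizations(roles, role)
    return auths


def may_run(users, roles, user, task):
    """Task -> Authorization: may `user` run `task`? Root is never checked, as the article notes."""
    if user == "root":
        return True
    needed = TASK_AUTH.get(task)
    if needed is None:
        return False
    return needed in user_authorizations(users, roles, user)


if __name__ == "__main__":
    roles = parse_stanzas(ROLES_STANZAS)
    users = parse_stanzas(USER_STANZAS)
    for who, task in [("alice", "mkuser"), ("alice", "chpasswd"), ("bob", "mkuser"),
                      ("carol", "mkuser"), ("root", "chsec")]:
        print(who, task, may_run(users, roles, who, task))
```

The unconditional `return True` for root is the weak point the article is building towards: delegating authorizations to alice and bob narrows what they can do, but it does nothing to narrow what root can do.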
