Role-based access control in AIX, part 1

Source: Internet
Author: User

Introduction: In this series of articles, we introduce and discuss role-based access control (RBAC). As a new security feature of AIX 6, RBAC gives users a fine-grained and more flexible way to manage security. This article is excerpted from the IBM Redbook "AIX V6 Advanced Security Features Introduction and Configuration."

AIX V6 and role-based access control (RBAC)

AIX V6 introduces enhanced RBAC, a mechanism for delegating roles and authorizations to one or more ordinary user accounts.

RBAC allows system administrators to delegate certain tasks to ordinary users; traditionally, these tasks were performed by root or through setuid/setgid programs.

One advantage of RBAC is that it can largely eliminate the use of setuid/setgid programs, by restricting the privileges assigned to a command to only those the command needs to perform its task.
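To make the delegation model concrete, here is an added example (not code from the article, the Redbook, or AIX itself): a simplified model in which roles bundle authorizations, users hold roles, and each privileged command names the authorizations that permit running it plus the privilege set it receives. The user, role and privilege-set values are constructed for illustration; the authorization strings only follow AIX's dotted naming style and should be checked against lsauth on a real system.

```python
# Added example, not code from the article or from AIX itself: a simplified
# model of enhanced RBAC delegation. The role, user and privilege-set values
# below are constructed for illustration (check lsauth/lsrole/lssecattr on a
# real system); the authorization names follow AIX's dotted naming style.
from dataclasses import dataclass


@dataclass(frozen=True)
class PrivilegedCommand:
    path: str
    accessauths: frozenset  # holding any one of these lets a user run the command
    innateprivs: frozenset  # privileges the process receives while it runs


def auth_covers(held: str, required: str) -> bool:
    """Authorizations form a dotted hierarchy: holding a parent such as
    'aix.security.user' implies every child such as 'aix.security.user.create'.
    The separator check stops 'aix.security.user' from matching 'aix.security.userx'."""
    return required == held or required.startswith(held + ".")


def effective_auths(user: str, users: dict, roles: dict) -> set:
    """Union of the authorizations granted by every role assigned to the user."""
    granted = set()
    for role in users.get(user, ()):
        granted |= roles.get(role, frozenset())
    return granted


def may_run(user: str, cmd: PrivilegedCommand, users: dict, roles: dict) -> bool:
    held = effective_auths(user, users, roles)
    return any(auth_covers(h, req) for h in held for req in cmd.accessauths)


def privileges_when_run(user, cmd, users, roles):
    """Privileges the process gets, or None when the user is not authorized.

    This is the contrast with setuid root: a setuid-root program hands the
    caller everything root can do, whereas an RBAC privileged command grants
    only its own innate privilege set, whoever the caller is."""
    if not may_run(user, cmd, users, roles):
        return None
    return set(cmd.innateprivs)


# Constructed sample databases (not taken from any real system).
ROLES = {
    "UserAdmin": frozenset({"aix.security.user"}),          # manage user accounts
    "Operator":  frozenset({"aix.system.boot.shutdown"}),   # may shut the system down
}
USERS = {
    "helpdesk": ("UserAdmin",),
    "nightops": ("Operator",),
    "alice":    (),            # ordinary user, no roles
}
MKUSER = PrivilegedCommand(
    "/usr/bin/mkuser",
    accessauths=frozenset({"aix.security.user.create"}),
    innateprivs=frozenset({"PV_DAC_W", "PV_AU_ADD"}),  # illustrative privilege set
)
SHUTDOWN = PrivilegedCommand(
    "/usr/sbin/shutdown",
    accessauths=frozenset({"aix.system.boot.shutdown"}),
    innateprivs=frozenset({"PV_PROC_SIG", "PV_KER_ACCT"}),  # illustrative privilege set
)


if __name__ == "__main__":
    for who in USERS:
        for cmd in (MKUSER, SHUTDOWN):
            print(f"{who:9s} {cmd.path:18s} -> {privileges_when_run(who, cmd, USERS, ROLES)}")
```

Running the block shows that helpdesk can run mkuser but not shutdown, nightops the reverse, and alice neither; in every allowed case the process receives the command's small innate privilege set rather than everything root can do.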

There is no separate installation package for legacy or enhanced mode RBAC in AIX V6; most of the enhanced RBAC commands are included in the bos.rte.security fileset.

The following sections introduce and discuss in depth the components included in enhanced RBAC.

The traditional AIX management approach

Here, we'll introduce the traditional AIX management approach, as well as some of the tools for that purpose.

Superuser administrative account

In the AIX operating system, the traditional privilege management approach relies on a single system administrator account named root. The root account is the superuser because it is authorized to perform all privileged system administration tasks on the AIX system. Typically, the user ID (UID) of the root user is 0.

Relying solely on a single superuser for all aspects of system management creates problems for the separation of administrative responsibilities. Although a single administrative account may suffice in some business environments, many environments require multiple administrators, each responsible for different tasks.

If only one administrative account is used, the superuser role may have to be shared among two or more system administrators. In some environments, this shared approach may violate business audit guidelines, which require that all privileged system administration tasks be attributable to a single individual.

An alternative to sharing the superuser role is to create another user with the same UID as the root user.

From a security standpoint, both approaches raise a variety of problems, because each administrator is granted full control of the system and there is no way to limit the actions any given administrator can perform. Because root is the most privileged user, a root user can perform unauthorized operations and then remove the audit records of those activities, so tracking administrative operations is almost impossible.

Discretionary access control (DAC)

Discretionary access control (DAC) is a security mechanism in which access is controlled by the owner of a file or directory.

In AIX, DAC is implemented through the traditional file-object permission bits: owner/group/other and read/write/execute.

Using the file-object permission bits, each owner can decide whether other users or groups may access the data in a particular file object. DAC evaluates the relevant criteria and grants or denies access accordingly. The decision is based on the user's UID and the GIDs of the groups the user belongs to: every file system object carries permissions that describe the access rights of its owner, its group, and all other users.
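The following added example (not code from the article, the Redbook, or AIX) models the DAC decision just described: the caller's UID and GIDs select exactly one of the owner, group or other permission classes, and that class's read/write/execute bits decide the request. It also shows why the superuser is a DAC blind spot, since UID 0 is not subject to the bits at all. The file paths, UIDs and GIDs are constructed.

```python
# Added example, not code from the article or from AIX: a model of the
# traditional UNIX/AIX discretionary access control decision made from the
# owner/group/other permission bits. File paths, UIDs and GIDs are constructed.
from dataclasses import dataclass
import stat

R, W, X = 4, 2, 1  # bit values inside one permission class


@dataclass(frozen=True)
class FileObject:
    path: str
    owner_uid: int
    group_gid: int
    mode: int  # permission bits, e.g. 0o640


@dataclass(frozen=True)
class Process:
    uid: int
    gid: int
    groups: frozenset = frozenset()  # supplementary group IDs


def permission_class(f: FileObject, p: Process) -> str:
    """Exactly one class applies: owner, then group, then other.
    An owner is judged only by the owner bits, even when the group or
    other bits are more permissive."""
    if p.uid == f.owner_uid:
        return "owner"
    if p.gid == f.group_gid or f.group_gid in p.groups:
        return "group"
    return "other"


def class_bits(f: FileObject, p: Process) -> int:
    shift = {"owner": 6, "group": 3, "other": 0}[permission_class(f, p)]
    return (f.mode >> shift) & 0o7


def dac_allows(f: FileObject, p: Process, wanted: int) -> bool:
    """wanted is a bitmask of R, W and X.

    UID 0 bypasses the permission bits entirely (this is the root problem the
    article describes: DAC cannot distinguish one UID-0 administrator from
    another). The one exception is the standard UNIX rule that even root may
    only execute a file that has at least one execute bit set."""
    if p.uid == 0:
        return not (wanted & X) or bool(f.mode & 0o111)
    return (class_bits(f, p) & wanted) == wanted


def describe(f: FileObject) -> str:
    """Render the bits the way 'ls -l' shows them, e.g. '-rw-r-----'."""
    return stat.filemode(stat.S_IFREG | f.mode)


# Constructed sample objects and callers.
SHADOW = FileObject("/etc/security/passwd", owner_uid=0, group_gid=7, mode=0o600)
REPORT = FileObject("/home/bob/report.txt", owner_uid=202, group_gid=50, mode=0o007)
ROOT = Process(uid=0, gid=0)
ALICE = Process(uid=201, gid=1)
BOB = Process(uid=202, gid=1)

if __name__ == "__main__":
    for f in (SHADOW, REPORT):
        for who, p in (("root", ROOT), ("alice", ALICE), ("bob", BOB)):
            print(f"{describe(f)} {f.path:24s} {who:6s} read={dac_allows(f, p, R)}")
```

The REPORT object illustrates the exclusive-class rule: its owner bob is denied read because the owner bits are 0, while alice, who falls into the other class, is allowed, even though bob "owns" the file.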
