0

I`m learing RBAC in solaris. 

bash-2.03# tail -4 /etc/user_attr
root::::type=normal;auths=solaris.*,solaris.grant;profiles=All
mirror::::type=normal;profiles=Mirror
jz::::type=normal;auths=solaris.*,solaris.grant;profiles=All
role1::::type=role;profile=p1

Check the 3th line. I modified the account jz accroding to root. So I expecting the account jz have the same power as root. But it do not have. May I know why? Any thing more need to do? Thanks for your help in advance

Mingwei Li
  • 63
  • 1
  • 1
  • 6

1 Answers1

0

That's not how it works.

Judging from the format of your user_attr file it looks like you're using Solaris 11 (that is, it looks the same as my S11 and significantly different from my S10 installs). In Solaris 11 root is a role, not a user.

  • You should not be editing user_attr or any RBAC files directly.
  • The recommended way to elevate to root is with sudo (pfexec and pf-shells are deprecated).
  • The recommended way to modify roles and profiles is with usermod.

You'll need to add the profile Primary Administrator and the role root to the user jz:

usermod -P +"Primary Administrator" -R +root jz

You should remove the line you added manually before issuing that command. See usermod(1M) for more information.

bahamat
  • 6,263
  • 24
  • 28
  • Acctually, my os is solaris 8. And I checked the root. It`s a user not a role. `bash-2.03# grep root /etc/user_attr root::::type=normal;auths=solaris.*,solaris.grant;profiles=All` – Mingwei Li Aug 01 '12 at 06:10