Laurent Blume wrote:
Fabrice Bacchella wrote:
RBAC ?
Si une doc pour RBAC existe, je suis preneur!
lu sur comp.unix.solaris:
# Allow user to shutdown system from Gnome
#
echo "Setting up file permissions"
mkdir -p /var/lock/console
touch /var/lock/console/<username>
echo "rootRBAC:::User RBAC for root script" >>/etc/security/prof_attr
#
echo "<username>::::type=normal;profiles=rootRBAC" >>/etc/user_attr
#
echo "# RBAC Access for users" >>/etc/security/exec_attr
echo "rootRBAC:suser:cmd:::/usr/local/bin/userhalt:uid=0"
>>/etc/security/exec_attr
echo "rootRBAC:suser:cmd:::/usr/sbin/init:uid=0" >>/etc/security/exec_attr
echo "rootRBAC:suser:cmd:::/usr/sbin/reboot:uid=0" >>/etc/security/exec_attr
echo "rootRBAC:suser:cmd:::/usr/sbin/poweroff:uid=0" >>/etc/security/exec_attr
# build a reboot
#
mv /usr/sbin/reboot /usr/sbin/reboot.orig
echo "#!/usr/bin/pfksh" >/usr/sbin/reboot
echo "/usr/sbin/init 6" >>/usr/sbin/reboot
chmod 4755 /usr/sbin/reboot
#
# build a poweroff
#
mv /usr/sbin/poweroff /usr/sbin/poweroff.orig
echo "#!/usr/bin/pfksh" >/usr/sbin/poweroff
echo "/usr/sbin/init 5" >>/usr/sbin/poweroff
chmod 4755 /usr/sbin/poweroff
et un commentaire: si "poweroff", c'est mal, pourquoi laisser cette commande?
_______________________________________________
Solaris_fr liste de diffusion en français pour Solaris, sur toutes architectures
[email protected]
http://x86.sun.com/mailman/listinfo/solaris_fr
