Limiting Access Control
While the traditional security UNIX model is typically viewed as all-or-nothing, you can use alternative tools to provide some additional flexibility. These tools provide the mechanisms needed to create a fine grain access control to individual resources, such as different UNIX commands. For example, this toolset enables Portal Server to be run as root, while allowing certain users and roles superuser privileges to start, stop, and maintain the Portal Server framework.
These tools include:
-
Role-Based Access Control (RBAC). Solaris 8 and higher include the Role-Based Access Control (RBAC) to package superuser privileges and assign them to user accounts. RBAC enables separation of powers, controlled delegation of privileged operations to users, and a variable degree of access control.
-
Sudo. Sudo is publicly available software that enables a system administrator to give certain users the ability to execute a command as another user. See:
http://www.courtesan.com/sudo/sudo.html
- © 2010, Oracle Corporation and/or its affiliates