In this chapter you learned about Role-Based Access Control (RBAC), which allows the system administrator to delegate administrative responsibilities to users without having to divulge the root password. A number of profiles allow privileges to be grouped together so that a user can easily be granted a restricted set of additional privileges. Four main RBAC databases interact with each other to provide users with access to privileged operations:
- /etc/security/auth_attr: Defines authorizations and their attributes and identifies the associated help file.
- /etc/security/exec_attr: Defines the privileged operations assigned to a profile.
- /etc/security/prof_attr: Defines the profiles, lists the profile’s assigned authorizations, and identifies the associated help file.
- /etc/user_attr: Associates users and roles with authorizations and execution profiles.
Also in this chapter, you learned about the system logging facility (syslog) and the configuration that facilitates routing of system messages according to specific criteria, as well as determining where the messages are logged. The logger command was covered, which allows the system administrator to enter ad-hoc messages into the system log files.
- Execution profile
- RBAC databases (know about all four)
- Rights profile
- svcadm command