Administrator's Guide

Table 8-2 Example of Authorizations Per Role (continued)
Role    Operation Component of Authorization
hpux.user.delete
hpux.user.modify
hpux.user.password.modify
hpux.network.nfs.start
hpux.network.nfs.stop
hpux.network.nfs.config
hpux.fs.backup
hpux.fs.restore
NOTE: Table 8-2 shows only the operation element of the authorizations—not the object
element of the authorization.
8.3 HP-UX RBAC Components
Following is a list of the primary HP-UX RBAC components:
privrun wrapper command: Based on the authorizations associated with a user, privrun invokes existing legacy applications with privileges after performing authorization checks and optionally re-authenticating the user, without modifying the application.

privedit command: Based on the authorizations associated with a user, privedit allows users to edit files they usually would not be able to edit because of file permissions or Access Control Lists (ACLs).

Privilege shells: Shells (privsh, privksh, and privcsh) that automatically invoke the access control subsystem to run commands with privileges when appropriate.

management commands: Edit and validate HP-UX RBAC database files.

Access Control Policy Switch (ACPS): Determines whether a subject is authorized to perform an operation on an object.

Access Control Policy Module (ACPM): Evaluates HP-UX RBAC database files and applies mapping policies to service access control requests.
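The following Python model is an added example, not HP-UX code and not taken from the guide. It shows the decision the ACPS and ACPM descriptions imply: a subject maps to roles, roles map to (operation, object) authorizations, and the request is denied unless one of them matches. The role names, users, object values, the shell-style wildcard matching and the "first module that allows wins" rule are all assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample data: role names, users and object values are assumptions.
# Each authorization is an (operation, object) pair; Table 8-2 lists only
# the operation element.
ROLE_AUTHS = {
    "UserAdmin": [("hpux.user.*", "*")],
    "NetworkOperator": [
        ("hpux.network.nfs.start", "*"),
        ("hpux.network.nfs.stop", "*"),
    ],
    "BackupOperator": [
        ("hpux.fs.backup", "/home"),
        ("hpux.fs.restore", "/home"),
    ],
}
USER_ROLES = {
    "alice": ["UserAdmin"],
    "bob": ["NetworkOperator", "BackupOperator"],
}


def acpm_local(subject, operation, obj):
    """Model of a policy module: subject -> roles -> authorizations."""
    for role in USER_ROLES.get(subject, []):
        for op_pattern, obj_pattern in ROLE_AUTHS.get(role, []):
            # Both elements must match; wildcard semantics are assumed.
            if fnmatchcase(operation, op_pattern) and fnmatchcase(obj, obj_pattern):
                return True, role
    return False, None


def acps_check(subject, operation, obj, modules=(acpm_local,)):
    """Model of the switch: route the request to modules, deny by default."""
    for module in modules:
        allowed, role = module(subject, operation, obj)
        if allowed:
            return True, role
    return False, None


if __name__ == "__main__":
    for request in [
        ("alice", "hpux.user.password.modify", "jdoe"),
        ("bob", "hpux.network.nfs.config", "*"),
        ("bob", "hpux.fs.backup", "/etc"),
    ]:
        print(request, "->", acps_check(*request))
```

The third request is denied on the object element alone, which is the part of an authorization that Table 8-2 does not show.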