Administrator's Guide

Table 8-5 HP-UX RBAC Manpages (continued)

Manpage          Description
authadm(1m)      Describes authadm functionality and syntax.
cmdprivadm(1m)   Describes cmdprivadm functionality and syntax.
rbacdbchk(1m)    Describes rbacdbchk functionality and syntax.
privsh(5m)       Overview of various privileged system shells.
rbac.conf(4m)    Configuration file for Role Based Access Control.
key_filter(4m)   Configuration file for the keystroke logging module.

8.3.5 HP-UX RBAC Architecture
The primary component of HP-UX RBAC is the privrun command, which invokes existing
commands, applications, and scripts. The privrun command uses the ACPS subsystem
to make access control requests. An access request is granted or denied based on a set
of configuration files that define user-to-role and role-to-authorization mappings.
If the access request is granted, privrun invokes the target command with additional
privileges, which can include one or more of the following: a UID, a GID, fine-grained
privileges, and compartments. The privileges are configured to enable the target
command to run successfully.
Figure 8-1 shows the HP-UX RBAC architecture.
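The access decision described above can be modeled in a few lines. The following is an added example, not code from HP-UX or from this guide: it resolves user-to-role and role-to-authorization mappings, returns the privileges a granted request would carry, and lists which users end up running a command as UID 0. All user, role, authorization, command, and privilege names are constructed, and the in-memory tables are an assumed simplification, not the HP-UX configuration file format.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample mappings (hypothetical names, not HP-UX file formats).
USER_ROLES = {"alice": {"NetAdmin"}, "bob": {"Operator"}, "carol": set()}
ROLE_AUTHS = {"NetAdmin": {"net.config", "svc.restart"},
              "Operator": {"svc.restart"}}

@dataclass(frozen=True)
class Grant:
    """Additional privileges applied to the target command when access is granted."""
    uid: Optional[int] = None
    gid: Optional[int] = None
    privileges: frozenset = frozenset()
    compartment: Optional[str] = None

# command -> (authorization required, privileges granted); all values constructed.
COMMANDS = {
    "/opt/example/netcfg": ("net.config", Grant(uid=0)),
    "/opt/example/svcctl": ("svc.restart",
                            Grant(privileges=frozenset({"EXAMPLE_NETADMIN"}))),
    "/opt/example/backup": ("fs.backup", Grant(gid=3, compartment="backup")),
}

def authorizations(user):
    """Union of the authorizations of every role assigned to the user."""
    auths = set()
    for role in USER_ROLES.get(user, ()):
        auths |= ROLE_AUTHS.get(role, set())
    return auths

def access_check(user, command):
    """Return the Grant for an allowed request, or None when it is denied."""
    entry = COMMANDS.get(command)
    if entry is None:
        return None  # model assumption: unregistered commands get no privileges
    required, grant = entry
    return grant if required in authorizations(user) else None

def users_reaching_uid0():
    """Review helper: (user, command) pairs that would run with UID 0."""
    pairs = []
    for user in USER_ROLES:
        for command in COMMANDS:
            grant = access_check(user, command)
            if grant is not None and grant.uid == 0:
                pairs.append((user, command))
    return sorted(pairs)
```

Running `users_reaching_uid0()` over the configured mappings is the kind of review that shows which role assignments lead to a root-equivalent invocation.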