Administrator's Guide

NOTE: See cmdprivadm(1M) for information on all of the cmdprivadm arguments.
Most arguments are optional and are filled in with reasonable defaults if nothing is
specified.
NOTE: To modify an existing entry in the /etc/rbac/cmd_priv file, you must first
delete the entry and then add the updated version back in. When you use cmdprivadm
to delete entries, arguments act as filters. For example, specifying the cmdprivadm
delete op=foo command removes all entries where the operation is foo. As a result
of this, when you use cmdprivadm to delete entries, be careful to ensure that you specify
sufficient arguments to uniquely identify the entries to be removed.
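A dry-run check for the filter hazard just described, added here as an example (not HP's tooling): it parses a constructed sample of cmd_priv and reports which entries a given set of delete filters would match, so you can confirm the filter identifies exactly one entry before running cmdprivadm delete. The colon-separated line layout and the cmd= and object= filter names are assumptions; only op= appears on this page.

```python
import re
from typing import Dict, List

# Constructed sample of /etc/rbac/cmd_priv content for this demo (not a real file).
# Assumed layout: command:object:(operation,object):attributes...
SAMPLE_CMD_PRIV = """\
# command:object:(operation,object):attributes...
/usr/sbin/foo:*:(foo,*):0/0//dflt://:
/usr/local/bin/foobar:*:(foo,*):0/0//dflt://:
/usr/bin/ksh:*:(hpux.shell,*):0/0//dflt://:
"""

# Matches "command:object:(operation,object):rest"; the trailing attribute
# fields (ruid, egid, privs, ...) are kept opaque so their exact order is irrelevant.
_ENTRY_RE = re.compile(r"^([^:#]+):([^:]*):\(([^,]+),([^)]*)\):(.*)$")


def parse_cmd_priv(text: str) -> List[Dict[str, str]]:
    """Return one dict per non-comment entry with cmd/object/op/op_object/attrs."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _ENTRY_RE.match(line)
        if not m:
            raise ValueError(f"unparseable cmd_priv line: {raw!r}")
        cmd, obj, op, op_obj, attrs = m.groups()
        entries.append({"cmd": cmd, "object": obj, "op": op,
                        "op_object": op_obj, "attrs": attrs})
    return entries


def matching_entries(text: str, **filters: str) -> List[Dict[str, str]]:
    """Entries a 'cmdprivadm delete' with these filters would remove.

    As with cmdprivadm, every supplied argument acts as a filter: an entry is
    removed only if all given fields are equal.  Only cmd=, op= and object=
    are modelled here (cmd= and object= are assumed names).
    """
    unknown = set(filters) - {"cmd", "op", "object"}
    if unknown:
        raise ValueError(f"unsupported filter(s): {sorted(unknown)}")
    return [e for e in parse_cmd_priv(text)
            if all(e[k] == v for k, v in filters.items())]


def filter_is_unique(text: str, **filters: str) -> bool:
    """True when the filters identify exactly one entry, i.e. safe to delete."""
    return len(matching_entries(text, **filters)) == 1
```

With the sample above, op="foo" alone matches two entries, while adding cmd="/usr/sbin/foo" narrows it to one.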
8.5.4 Configuring HP-UX RBAC with Fine-Grained Privileges
Applications communicate with the system's resources using system calls, allowing the
operating system access to system resources. Certain system calls require special, elevated
privileges for the application to access the operating system and system hardware.
Before fine-grained privileges were available, UID=0 served as the special, elevated
privilege required by certain system calls. If the UID was not 0, the system call was denied
and an application error was returned.
HP-UX RBAC, and specifically the privrun wrapper command, allow non-root users to
acquire the special privileges or UID=0 required to run certain applications.
In addition to providing UID=0 to a non-root user in certain circumstances to run a
particular application, HP-UX RBAC can also use the fine-grained privileges to run
applications with additional privileges, but without UID=0.
You can use HP-UX RBAC to configure commands to run with only a select set of privileges
and with different sets of privileges for different users, all without UID=0. For example,
an administrator might need to run the foobar command with several privileges, and
a normal user might need far fewer privileges to run foobar.
Think of fine-grained privileges as "system call access control check keys." Rather than
checking for UID=0, the system call checks for a particular privilege. These fine-grained
privileges provide the ability to "lock" system calls and to control application access to
the operating system and hardware resources. Also, by splitting privileges into
finely-grained privileges, applications do not require all privileges to run, only a specific
privilege or set of privileges. Should an application process running with a particular
set of privileges be compromised, the potential damage is far less than it would be if the
process were running with UID=0.
NOTE: See privileges(5) for more information on fine-grained privileges.
Use the cmdprivadm command and the privs option to configure commands for
privrun to wrap and run only with the specified privileges. The following is an example
cmdprivadm command that configures the /usr/bin/ksh command to run with the
160 HP-UX Role-Based Access Control