How-to Integrate Applications Into AIX RBAC


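Step 13: Log in and use the role to operate Apache HTTPD
RBAC is ready! The privileges were identified, the authorizations were made and the auth:priv pair was assigned to a command, and the role was created and assigned to a user. Now have the user log in, activate the role, and go-go-go! Note: Don’t continue to use the old httpd_op shell, because that shell is elevated and changes to user attributes (such as roles) are not seen until the next login. In the session below, the first apachectl start fails with permission errors because the role has not been activated yet; after swrole apacheops, the same command runs without errors.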

*******************************************************************************
*                                                                             *
*  Welcome to AIX Version 6.1!                                                *
*                                                                             *
*                                                                             *
*  Please see the README file in /usr/lpp/bos for information pertinent to    *
*  this release of the AIX Operating System.                                  *
*                                                                             *
*                                                                             *
*******************************************************************************

Last login: Wed Sep  5 13:49:04 GMT+02:00 2012 on /dev/pts/3 from felt45.xfeltx.nl
httpd_op@x103:[/home/httpd_op]apachectl start
(13)Permission denied: AH00072: make_sock: could not bind to address [::]:80
(13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
httpd_op@x103:[/home/httpd_op]swrole apacheops
httpd_op@x103:[/home/httpd_op]apachectl start 
httpd_op@x103:[/home/httpd_op]apachectl stop

RBAC Basics

This example shows the basic procedure needed to install and integrate an application so that super-user access isn’t needed for application-management tasks. Rather than relying on traditional *IX group-based and SUID (to super-user) access controls, AIX RBAC mechanisms provide fine-grained access control to executables, following the principle of least privilege.

Editor’s note: Michael AM Felt will be speaking about "RBAC integration—No looking Back" at the Power Technical University Oct. 22-26, 2012, in Dublin, Ireland. He will present a lab with additional steps to protect/manage application configuration files (e.g., /var/httpd/httpd.conf) and problem resolution.


