You are currently on IBM Systems Media’s archival website. Click here to view our new website.

AIX > Administrator > Systems Management

Privileges Granted as Needed


 

Traditionally, the UNIX system root user has maximum privileges and this user is the only one who can run, kill or execute any program in any secure level. When a regular user needs to execute a privileged task, it becomes inevitable he or she receive super user access. This can be troublesome because when a regular user takes additional privileges her or she is given chance to hack the system. A regular user with privileged access may sometimes violate the need and misuse the privileges as well. Some tools, like sudo, have been developed to address this issue, but none have been an end-all solution.

In AIX 6.1, IBM introduced Role Based Access Control (RBAC), which addresses many of the security and auditing concerns of sudo. In this article, we’ll review sudo and then outline how you can migrate to RBAC to improve your organization’s administration model.

What is sudo?

In the traditional UNIX-administrator model, the root password is shared among users who execute administrative jobs, and only the root user is capable of performing privileged functions. However, there are some tools like sudo, which allows regular users to behave like a root or super user and provides access control through a configuration file. Users are configured by sudo to allow specific set of commands. The configuration file is usually referred to as sudoers file. This file comprises of two entries, which are aliases and the user specifications in Extended Backus-Naur form. Using configuration file /etc/sudoers the commands are grouped into sets and users are assigned to command sets. sudo is a good solution to normal user for root access, however it has its limitations.

 

George M Koikara is a senior programmer in AIX development and has worked across multiple technologies in AIX. He is an expert on security and in particular trusted computing and multilevel-based security. He led and developed many of the security features of AIX 6.1.

R. Vidya is advisory software engineer working on AIX security development in India Software Labs.



Like what you just read? To receive technical tips and articles directly in your inbox twice per month, sign up for the EXTRA e-newsletter here.



Advertisement

Advertisement

2019 Solutions Edition

A Comprehensive Online Buyer's Guide to Solutions, Services and Education.

AIX > ADMINISTRATOR > SYSTEMS MANAGEMENT

How to Download Fixes

ADMINSTRATOR > SYSTEMS MANAGEMENT

Understand your options for 12X PCIe I/O drawers

clmgr: A Technical Reference

PowerHA SystemMirror 7.1 introduces a robust CLI utility

IBM Systems Magazine Subscribe Box Read Now Link Subscribe Now Link iPad App Google Play Store
IBMi News Sign Up Today! Past News Letters