This blog, written by Michael Felt, discusses AIX security topics. Articles on IBM AIX security including PowerSC, AIX RBAC, AIX shell scripting, passwords and user security. RBAC, or Role Based Access Control, has been available in AIX since starting with AIX Prior to that, access control in AIX was the same as for any .
|Published (Last):||15 May 2010|
As you proceed through the steps, remember to verify that the application is working when started as root.
If an application does not work when root starts it, you can assume the issue with the application is not an access problem but something else that needs to be solved first.
Install an application, e. This can be done from any source.
The file paths used i.
Start investigating
Now you are ready to start investigating what a non-root user can and cannot do with regard to starting and stopping httpd services.
Start with the user we just created. Since this user, httpd, owns all the files, all normal access rights (read, write, execute) should be available where appropriate. If everything was working during Step 4, any startup problems we see here must be related to a lack of one or more privileges.
This example shows that, as the user httpd, the installed modules can be listed (apachectl -l), but I cannot start the full service.
How-to Integrate Applications Into AIX RBAC
Error AH indicates user httpd lacks sufficient authority to bind to port However, for a real environment, the data owner and application management user identities should be different. Exit from the su - httpd shell and return to root access. The httpd account is meant to be an owning, not an operational, account.
To prevent anyone from giving su access to the httpd account, make the following changes (the PS1 prompts are changed to clarify which identity is active):
Non-root users will additionally be blocked by the attributes login, rlogin, su and sugroups.
Establish a userid for application operations
As root, create a new user identity that will be used to manage httpd services, e.
Note that this account is not in the group httpd.
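The lockdown of the owning httpd account described above depends on the login, rlogin, su and sugroups attributes. As an added example (not part of the original article), this script checks those attributes in a file in AIX /etc/security/user stanza format, falling back to the default stanza; the sample data and the names opsuser and appadmin are constructed.

```shell
#!/bin/sh
# Added example. Reads a file in /etc/security/user stanza format.
# effective_attr FILE USER ATTR: print USER's value, else the default: stanza's.
effective_attr() {
    awk -v user="$2" -v attr="$3" '
        /^\*/ || /^[ \t]*$/ { next }             # comments and blank lines
        /^[^ \t].*:[ \t]*$/ {                    # stanza header, e.g. "httpd:"
            stanza = $0; sub(/:[ \t]*$/, "", stanza); next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key != attr) next
            if (stanza == user) { own = val; have_own = 1 }
            else if (stanza == "default") def = val
        }
        END { print (have_own ? own : def) }
    ' "$1"
}

# owning_account_locked FILE USER: return 0 only if login, rlogin, su are false.
owning_account_locked() {
    rc=0
    for a in login rlogin su; do
        v=$(effective_attr "$1" "$2" "$a")
        [ "$v" = "false" ] || { echo "$2: $a=${v:-unset}, expected false"; rc=1; }
    done
    echo "$2: sugroups=$(effective_attr "$1" "$2" sugroups)"   # for manual review
    return "$rc"
}

# Constructed sample; the names opsuser and appadmin are hypothetical.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
default:
    login = true
    rlogin = true
    su = true
    sugroups = ALL

httpd:
    login = false
    rlogin = false
    su = false
    sugroups = appadmin
EOF
owning_account_locked "$SAMPLE" httpd || true
owning_account_locked "$SAMPLE" opsuser || true
```

An account with no stanza of its own, such as opsuser in the sample, is reported with the inherited default values, which is what makes a missing lockdown visible.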