Forum Stats

  • 3,838,508 Users
  • 2,262,377 Discussions
  • 7,900,674 Comments

Discussions

How to deny execution of commands for specific user?

User_F0KAQ
User_F0KAQ Member Posts: 1 Red Ribbon

Hello,

I want to deny the execution of some commands for the user my_user using RBAC on Solaris 11.3.

For this I created the profile my_user_profile adding the line my_user_profile:::my_user Profile for whitelist: in /etc/security/prof_attr.

Then I assigned my_user_profile to my_user with usermod -P my_user_profle my_user. In /etc/security/exec_attr I assigned to my_user_profile commands to be executed by my_user.

After that I rebooted my server and tried to execute one command, that I didn't assign to my_user_profile. The execution of this command with my_user was possible, what I don't want.

I have this configuration: AUTHS_GRANTED=

                                        #PROFS_GRANTED=Basic Solaris User

                                        AUTHS_PROFS_GRANTED=

                                        #CONSOLE_USER=Console User

in /etc/security/policity.conf

Can someone help here?

Thanks!

King regards

Duval

Answers

This discussion has been closed.