Chapter 13: Advanced Security Concepts

Overview

SOLARIS 9 EXAM OBJECTIVES COVERED IN THIS CHAPTER:

  • Explain how to display and set Access Control Lists (ACLs) using the command line and create default ACLs.

  • Explain fundamental concepts of role-based access control (RBAC), including rights, roles, profiles, authorizations, administrator profile shells, and RBAC databases.

  • Explain how to build user accounts, rights profiles, and the role when managing RBAC.

Security is one of the most critical factors of any network operating system. It should come as no surprise to you that Solaris provides a very secure computing environment.

All Solaris security is based upon file access. If you want to open a document, you must have the proper permissions. To manage a slice on a hard disk, you need sufficient access to the file that represents that slice within Solaris.

As you learned in Chapter 5, "Files, Directories, and Security," Solaris provides three levels of access: Read, Write, and Execute. Those three permissions can be assigned in any combination to three different groups: the user who owns the file (owner), the group owner of the file (group), and everyone else (other). Although for the most part these basic permission structures are sufficient to manage security, in some cases this basic structure is limiting.

To address more complex security needs, Access Control Lists (ACLs) and role-based access control (RBAC) were developed. The extended security attributes used in ACLs still rely on the underlying Read, Write, and Execute permission structure, but give the administrator additional flexibility in assigning permissions, such as granting them to multiple groups. RBAC gives the administrator a tool to grant other users some administrative powers while maintaining overall system integrity.




Solaris 9. Sun Certified System Administrator Study Guide
ISBN: 0782141811
EAN: 2147483647
Year: 2003
Pages: 194
