Chapter 14: Managing Access Control and System Messaging


Overview

The conventional UNIX security model that we discussed in Chapter 7 is called the superuser security model, because there is only one almighty administrator with the root account, also referred to as the superuser. The superuser has all the rights on the system, such as the right to modify the site's firewall, to read and modify confidential data, and to shut down the whole network. A program running with root privilege (for example, a setuid-root program) can read and write any file and send kill signals to any process running on the system. That means an attacker who hijacks the root account or a setuid program can do anything to the system—a frightening scenario indeed.

As a solution to this problem, Solaris offers a role-based access control (RBAC) security model for controlling user access to tasks normally restricted to the superuser. The RBAC model offers a more secure and flexible alternative to the superuser model by allowing the security rights to be assigned to what is called a role, and then assigning the role to a user. This way, you can distribute the administrative rights over a whole spectrum of roles, rather than centralizing all the power in one user (the superuser). One of the important (security-related) tasks for a system administrator is to "listen" to the system and take appropriate actions. The system communicates with the system administrator by using system message logging (syslog), which automatically saves (logs) various system errors and warnings in the message files.
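To make the rights-to-role-to-user indirection concrete, here is an added example (not from the book) that resolves a user's effective authorizations from constructed entries written in the layout of Solaris's user_attr and prof_attr databases, and refuses to grant a role's rights to a user who has not been assigned that role. The user names, the role netadmin, the profile contents and the authorization strings are constructed sample data, not values from the chapter.

```python
# Constructed sample /etc/user_attr lines (user:qualifier:res1:res2:attr).
USER_ATTR = """\
alice::::type=normal;roles=netadmin
netadmin::::type=role;profiles=Network Management
bob::::type=normal;profiles=Printer Management
"""
# Constructed sample /etc/prof_attr lines (profname:res1:res2:desc:attr).
PROF_ATTR = """\
Network Management:::Manage network interfaces:auths=solaris.network.*;profiles=Printer Management
Printer Management:::Manage printers:auths=solaris.print.admin
"""

def parse_attr(attr):
    """Split 'k=v;k=v' into {k: [values]}; values are comma-separated lists."""
    out = {}
    for pair in filter(None, attr.split(";")):
        key, _, val = pair.partition("=")
        out[key] = [v for v in val.split(",") if v]
    return out

def load_db(text, nfields=5):
    """Parse colon-separated database lines; the last field is the attr list."""
    db = {}
    for line in text.splitlines():
        fields = line.split(":", nfields - 1)
        db[fields[0]] = parse_attr(fields[-1])
    return db

def profile_auths(profs, names, seen=None):
    """Collect auths from rights profiles, following nested profiles= entries."""
    seen = set() if seen is None else seen
    auths = set()
    for p in names:
        if p in seen or p not in profs:
            continue
        seen.add(p)
        auths |= set(profs[p].get("auths", []))
        auths |= profile_auths(profs, profs[p].get("profiles", []), seen)
    return auths

def effective_auths(user, users, profs, via_role=None):
    """Auths a user holds directly, plus those of one assigned role when assumed."""
    entry = users[user]
    auths = profile_auths(profs, entry.get("profiles", []))
    if via_role is not None:
        if via_role not in entry.get("roles", []):
            raise PermissionError(f"{user} is not assigned role {via_role}")
        auths |= profile_auths(profs, users[via_role].get("profiles", []))
    return auths
```

The point of the role check is the one the chapter makes: administrative rights live on the role, and a user only gains them by being assigned that role, so the set of who can do what is spread across roles rather than concentrated in root.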

The core issue to think about in this chapter is how to use the RBAC security model and syslog. In search of an answer, we will explore three thought streams: understanding the fundamentals of RBAC and syslog, managing RBAC, and managing syslog.




Sun Certified System Administrator for Solaris 10 Study Guide Exams 310-XXX & 310-XXX
Year: 2005
Pages: 168
