Your manager wants to implement RBAC functionality. Your shop uses a UNIX system
Question
Your manager wants to implement RBAC functionality. Your shop uses a UNIX system. You do not have a system with an implementation of RBAC available to you. You have the basic capabilities of UNIX/LINUX at your disposal for access control. You also have access control list functionality and sudo available. Discuss how far you can go implementing RBAC functionality with the tools at your disposal? What RBAC functionality would be difficult or not practical to implement?
Explanation / Answer
Simple. Design the roles you need. Give them each a name in a sensible and consistent naming pattern. Create a group account for each of those roles. Assign users as members of the groups as appropriate for their role(s).
Then, in sudoers, assign the set of permitted commands for sudo based upon the need of the named role ("%group" permissions).
Then, assign FACLs to the files and/or directories and/or remote filesystem mounts that pertain to those same groups.
Thus,
group == role
role == group
Make sure that groups that are role-based are prohibited from having any other meaning in your organisation.
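
The steps in the answer above, written out as an added example (not part of the original answer), with a check for its last rule that sudo rights come only from role groups. The role name `role_dbadmin`, the users, the directory `/srv/db`, the command paths and the `RBAC_RUN` variable are constructed for illustration.

```bash
#!/bin/sh
# Added example: "group == role" using only groups, sudoers and POSIX ACLs.
# Constructed names: role_dbadmin, alice, bob, carol, /srv/db, the command paths.
RUN=${RBAC_RUN-echo}   # prints commands by default; RBAC_RUN= (empty, as root) applies them

# 1. One group per role, consistent "role_" prefix; members are the role holders.
make_role() {            # make_role ROLE USER...
  role=$1; shift
  $RUN groupadd "$role"
  for u in "$@"; do $RUN usermod -aG "$role" "$u"; done
}

# 2. sudoers line granting the role's commands to %group, never to a named user.
#    Write it to /etc/sudoers.d/ROLE and validate with: visudo -cf FILE
sudoers_rule() {         # sudoers_rule ROLE 'CMD[, CMD...]'
  printf '%%%s ALL=(root) %s\n' "$1" "$2"
}

# 3. ACL for the role on its directory: an access entry on the directory and
#    a default entry so files created in it later inherit the same access.
grant_dir() {            # grant_dir ROLE PERMS DIR
  $RUN setfacl -m "g:$1:$2" "$3"
  $RUN setfacl -d -m "g:$1:$2" "$3"
}

# 4. Check that sudo rights only come from role groups. Reads sudoers text on
#    stdin and prints every grantee other than root or a %role_ group.
#    Simplification: one rule per line, no continuations or User_Alias expansion.
non_role_grants() {
  awk 'NF == 0 || $1 ~ /^[#@]/ || $1 ~ /^(Defaults|[A-Za-z]+_Alias)/ { next }
       $1 != "root" && $1 !~ /^%role_/ { print $1 }'
}

sample_sudoers() {       # constructed sudoers content for the check
cat <<'EOF'
Defaults env_reset
root ALL=(ALL:ALL) ALL
%role_dbadmin ALL=(root) /usr/bin/systemctl restart postgresql
carol ALL=(root) /usr/bin/pg_dump
%wheel ALL=(ALL) ALL
EOF
}

make_role role_dbadmin alice bob
sudoers_rule role_dbadmin '/usr/bin/systemctl restart postgresql'
grant_dir role_dbadmin rwX /srv/db
sample_sudoers | non_role_grants    # flags carol and %wheel
```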