sudo-rbac

From AIXTOOLS
Revision as of 12:24, 26 September 2017 by Michael Felt (Talk | contribs)


Packages|Tools|aixtools.sudo-rbac.1.8.21.1602.I
Report Issues (via Forums) and/or TWEET:@rootvgnet

MD5 Checksum

870B7B141F41CD88C4E3CF5704ECA93F aixtools.sudo-rbac.1.8.21.1602.I

Description

This wiki page describes the goals and summarizes the progress of my (study) project to integrate "legacy" sudo with the AIX Enhanced RBAC mechanisms.

File Locations

To prevent filename collisions with existing installations, sudo-rbac files are located in /var rather than /etc. To further emphasize the sudo-rbac character, most of these are in /var/sudo-rbac. The "lecture" files and the "ts" files are in near-normal locations.

root@x068:[/]lslpp -w | grep sudoers
  /opt/share/doc/sudo/examples/sudoers
  /opt/libexec/sudo/sudoers.la
  /opt/libexec/sudo/sudoers.so
  /usr/share/man/man5/sudoers.5
  /var/sudo-rbac/etc/sudoers.d
  /var/sudo-rbac/etc/sudoers.dist
  /var/sudo-rbac/etc/sudoers

root@x068:[/]ls -ld /etc/sudo*
ls: 0653-341 The file /etc/sudo* does not exist.

root@x068:[/]find /var -name michael
/var/lib/sudo/lectured/michael
/var/run/sudo/ts/michael
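
The layout above can be checked with a short script. This is an added example, not part of the aixtools package: the function name and the optional root-prefix argument are assumptions (the prefix lets the check run against a scratch tree), and the writability test is a general hardening check rather than a documented sudo-rbac requirement.

```shell
#!/bin/sh
# Added example (not part of the aixtools package). Paths are the ones shown
# in the lslpp/ls output above; the function name and the optional ROOT
# prefix argument are assumptions so the check can run on a scratch tree.

audit_sudo_rbac_layout() {
    _root=${1:-}
    _etc="$_root/var/sudo-rbac/etc"
    _rc=0

    # 1. The sudo-rbac policy must exist where this package installs it.
    [ -f "$_etc/sudoers" ]   || { echo "MISSING: $_etc/sudoers";   _rc=1; }
    [ -d "$_etc/sudoers.d" ] || { echo "MISSING: $_etc/sudoers.d"; _rc=1; }

    # 2. Anything matching /etc/sudo* means another sudo installation (with
    #    its own, separately maintained policy) lives on the same host.
    for _f in "$_root"/etc/sudo*; do
        [ -e "$_f" ] || continue        # glob did not match: nothing there
        echo "COLLISION: $_f"
        _rc=1
    done

    # 3. Policy files and directories must not be group- or world-writable.
    if [ -d "$_etc" ]; then
        _w=$(find "$_etc" \( -type f -o -type d \) \
                  \( -perm -020 -o -perm -002 \) -print)
        if [ -n "$_w" ]; then
            echo "$_w" | sed 's/^/WRITABLE: /'
            _rc=1
        fi
    fi

    return "$_rc"
}
```

Called with no argument, `audit_sudo_rbac_layout` inspects the live host and returns non-zero if any finding is printed.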

SUDO-RBAC Phase 1

Goal ID | Goals

G00001
  • remove need for SUID root as initial integration
  • use AIX role (at least one active) to indicate mode switch

Issue ID | Description

I00001
  • if SUID root ignore AIX Enhanced RBAC
I00002
  • SUID to bin keeps euid==bin (euid==2) - modify

Goal-Issue met | Description | VRMF | Date

G00001 | Initial test version based on features on sudo-1.8.21p2 | 1.8.21.1602 | 26-Sept-2017