
Summary

In this chapter you learned about Role-Based Access Control (RBAC), which allows the system administrator to delegate administrative responsibilities to users without having to divulge the root password. A number of profiles allow privileges to be grouped together so that a user can easily be granted a restricted set of additional privileges. There are four main RBAC databases that interact with each other to provide users with access to privileged operations:

  • /etc/security/auth_attr: Defines authorizations and their attributes and identifies the associated help file.

  • /etc/security/exec_attr: Defines the privileged operations assigned to a profile.

  • /etc/security/prof_attr: Defines the profiles, lists the profile's assigned authorizations, and identifies the associated help file.

  • /etc/user_attr: Associates users and roles with authorizations and execution profiles.
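The following Python sketch is an added example, not code from the chapter. It shows how the four databases join when auditing what a user can reach: it starts at the user's user_attr entry, follows roles and nested profiles through prof_attr, collects the matching exec_attr commands, and looks each authorization up in auth_attr. The user jdoe, the role backupadm, and all sample entries are constructed for illustration, and rights held through a role are counted as reachable because the user may assume that role.

```python
# Constructed sample entries in the four RBAC file formats (not taken from a real host).
USER_ATTR = """\
jdoe::::type=normal;roles=backupadm;auths=solaris.device.cdrw
backupadm::::type=role;profiles=Media Backup
"""
PROF_ATTR = """\
Media Backup:::Backup files and file systems:profiles=Media Tools;auths=solaris.media.backup;help=RtMediaBkup.html
Media Tools:::Low-level tape commands:help=RtMediaTools.html
"""
EXEC_ATTR = """\
Media Backup:suser:cmd:::/usr/sbin/ufsdump:euid=0;gid=sys
Media Tools:suser:cmd:::/usr/bin/mt:euid=0
"""
AUTH_ATTR = """\
solaris.device.cdrw:::Write to CD-R or CD-RW device::help=DevCDRW.html
solaris.media.backup:::Backup Media::help=MediaBackup.html
"""

def records(text):
    """Split non-comment lines of an RBAC database into colon-separated fields."""
    return [l.split(":") for l in text.splitlines() if l.strip() and not l.startswith("#")]

def attrs(field):
    """Parse the trailing 'key=value;key=v1,v2' attribute field into a dict of lists."""
    pairs = (kv.split("=", 1) for kv in field.split(";") if "=" in kv)
    return {k: v.split(",") for k, v in pairs}

def effective_rights(user):
    """Return (authorizations, privileged commands) reachable by user, roles included."""
    users = {f[0]: attrs(f[4]) for f in records(USER_ATTR)}
    profs = {f[0]: attrs(f[4]) for f in records(PROF_ATTR)}
    known = {f[0]: f[3] for f in records(AUTH_ATTR)}  # authname -> short description
    auths, pending, seen = set(), [], set()
    for account in [user] + users.get(user, {}).get("roles", []):
        entry = users.get(account, {})
        auths.update(entry.get("auths", []))
        pending.extend(entry.get("profiles", []))
    while pending:  # expand nested profiles, guarding against cycles
        name = pending.pop()
        if name in seen:
            continue
        seen.add(name)
        auths.update(profs.get(name, {}).get("auths", []))
        pending.extend(profs.get(name, {}).get("profiles", []))
    # exec_attr fields: name:policy:type:res1:res2:id:attr
    cmds = sorted((f[5], f[6]) for f in records(EXEC_ATTR) if f[0] in seen)
    return {a: known.get(a, "UNDEFINED in auth_attr") for a in auths}, cmds

if __name__ == "__main__":
    print(effective_rights("jdoe"))
```

Any command returned with euid=0 or uid=0 runs with root's identity, so those rows are the ones to review first when checking who has been delegated what.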

Also in this chapter, you learned about the system logging facility (syslog) and its configuration, which routes system messages according to specific criteria and determines where the messages are logged. The chapter also covered the logger command, which allows the system administrator to enter ad hoc messages into the system log files.

