From pingtomi at pingtomi.hu Wed Jul 7 14:45:03 2010
From: pingtomi at pingtomi.hu (=?iso-8859-2?Q?Orosz_Tam=E1s?=)
Date: Wed, 7 Jul 2010 14:45:03 +0200
Subject: [rsbac] assign role to group
Message-ID: <0e5501cb1dd2$382493d0$a86dbb70$@pingtomi.hu>

Hi All,

I have a lot of general users, in one unix group, and I would like to assign a custom role for all users. It would be very easy, if I could assign a role for that group - but as I see, I cannot do this. Do you have any idea, or recommendation, how I can accomplish this? I wouldn't like to assign the role one by one every time I add a new user.

Unfortunately, they have to log in, and have a shell, because they use a terminal-based local application via telnet/ssh.

Thanks for your help,
Tamas

From ao at rsbac.org Wed Jul 7 21:01:36 2010
From: ao at rsbac.org (Amon Ott)
Date: Wed, 7 Jul 2010 21:01:36 +0200
Subject: [rsbac] assign role to group
In-Reply-To: <0e5501cb1dd2$382493d0$a86dbb70$@pingtomi.hu>
References: <0e5501cb1dd2$382493d0$a86dbb70$@pingtomi.hu>
Message-ID: <201007072101.36466.ao@rsbac.org>

On Wednesday 07 July 2010 wrote Orosz Tamás:
> I have a lot of general users, in one unix group, and I would like to
> assign a custom role for all users. It would be very easy, if I could
> assign a role for that group - but as I see, I cannot do this. Do you have
> any idea, or recommendation, how I can accomplish this? I wouldn't like to
> assign the role one by one every time I add a new user.
> Unfortunately, they have to log in, and have a shell, because they use a
> terminal-based local application via telnet/ssh.

Linux groups are not fully kernel controlled, so we do not trust them. The easiest way is to integrate the role assignment into the script that creates the user.

Our trick is to take role 0, the default role, as the main user role in our products and use different roles for all system accounts.

If they use a single application, you can also make that app their shell and assign a role to the program.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
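
An added example, not part of the thread or of RSBAC's own tooling: one way to fold the role assignment into the user-creation script, as the reply above suggests. The role number 5, the group `appusers` and the function names are hypothetical, and the `attr_set_user RC <user> rc_def_role <role>` form is assumed from the rsbac-admin tools, so check it against your installed version.

```shell
#!/bin/sh
# Added example: create a user and set its RSBAC RC default role in one step.
# ROLE_ID and GROUP are constructed sample values, not taken from the thread.
ROLE_ID="${ROLE_ID:-5}"        # hypothetical custom RC role number
GROUP="${GROUP:-appusers}"     # hypothetical unix group for the general users
DRY_RUN="${DRY_RUN:-0}"        # 1 = print the commands instead of running them

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Accept only conservative login names so nothing odd reaches the tools.
valid_name() {
    case "$1" in
        ""|-*|*[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Create the account, then set its default RC role. If the role cannot be
# set, remove the account again so it never exists without the intended role.
add_user_with_role() {
    user="$1"
    valid_name "$user" || { echo "invalid user name: $user" >&2; return 2; }
    run useradd -m -g "$GROUP" "$user" || return 1
    # Assumed rsbac-admin syntax: attr_set_user RC <user> rc_def_role <role>
    if ! run attr_set_user RC "$user" rc_def_role "$ROLE_ID"; then
        echo "role assignment failed, removing $user" >&2
        run userdel -r "$user"
        return 1
    fi
}

# Usage: ./adduser-role.sh <login>   (DRY_RUN=1 to preview the commands)
if [ "$#" -gt 0 ]; then
    add_user_with_role "$1"
fi
```

The role is set by user name rather than derived from group membership, which matches the reply's point that Linux groups are not fully kernel controlled.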