[rsbac] assign role to group

Amon Ott ao at rsbac.org
Wed Jul 7 21:01:36 CEST 2010


On Wednesday 07 July 2010 wrote Orosz Tamás:
> I have a lot of general users, in one unix group, and I would like to
> assign a custom role for all users. It would be very easy, if I could
> assign a role for that group - but as I see, I can not do this. Do you have
> any idea or recommendation on how I can accomplish this? I wouldn't like to
> assign the role one by one every time I add a new user.
> Unfortunately, they have to log in, and have a shell, because they use a
> terminal based local application via telnet/ssh.

Linux groups are not fully kernel controlled, so we do not trust them.

The easiest way is to integrate the role assignment into the script that 
creates the user. Our trick is to take role 0, the default role, as the main 
user role in our products and use different roles for all system accounts.

If they use a single application, you can also make that app their shell and 
assign a role to the program.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
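
Added example, not part of the original message and not RSBAC's own code: one way to fold the role assignment into the user-creation script, as suggested above. It assumes the rsbac-admin tool `attr_set_user` and the RC attribute `rc_def_role`; the role number 10, the group `appusers`, the login shell and the function name are placeholders.

```shell
#!/bin/sh
# Create a Unix account and set its RSBAC RC default role in one step.
# Assumption: attr_set_user (rsbac-admin tools) is run by an account that is
# allowed to change RC attributes. ROLE and GROUP are placeholder values.

ROLE="${ROLE:-10}"          # hypothetical custom RC role number
GROUP="${GROUP:-appusers}"  # hypothetical Unix group (file permissions only)

add_user_with_role() {
    user="$1"
    # Accept only conservative account names; reject anything that could be
    # parsed as an option by the tools called below.
    case "$user" in
        ""|-*|*[!a-z0-9_-]*) echo "invalid user name: $user" >&2; return 2 ;;
    esac
    case "$ROLE" in
        ""|*[!0-9]*) echo "invalid role: $ROLE" >&2; return 2 ;;
    esac

    useradd -m -g "$GROUP" -s /bin/sh "$user" || return 1

    # Fail closed: if the role cannot be set, the account must not stay
    # behind with whatever role it would otherwise run under.
    if ! attr_set_user RC "$user" rc_def_role "$ROLE"; then
        echo "role assignment failed, removing $user" >&2
        userdel -r "$user"
        return 1
    fi
    return 0
}

# Run only when called with user names, e.g.: ROLE=10 ./adduser-rc.sh alice
if [ "$#" -gt 0 ]; then
    for u in "$@"; do add_user_with_role "$u" || exit $?; done
fi
```

The Unix group is used here only for ordinary file permissions; the access decision RSBAC makes depends on the per-user role set by `attr_set_user`.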

