Hi,
I have created a user to shutdown the server using RBAC.
Here are my steps:
- roleadd -u 1000 -g 10 -d /home/stopsys -m stopsys
- passwd stopsys
- edit /etc/security/prof_attr to include:
Shut:::able to shut the server: - modrole -P Shut stopsys
- useradd -u 1001 -g 10 -d /home/user10 -m -R stopsys -s /bin/ksh user10
- passwd user10
edit /etc/security/exec_attr to include:
Shut:suser:cmd:::/usr/sbin/shutdown:uid=0
Now, when I login & execute the shutdown cmd, I get this:
/usr/sbin/shutdown: Only root can run /usr/sbin/shutdown
But the relavent files have been updated as follows:
#tail -1 /etc/security/prof_attr
Shut:::Shutdown the Server:
# tail -2 /etc/user_attr
stopsys::::type=role;profiles=Shut
user10::::type=normal;roles=stopsys
# tail -1 /etc/security/exec_attr
Shut:suser:cmd:::/usr/sbin/shutdown:uid=0
Would you be able to find the issue here ?
Thanks in advance.
Chaandana