AIX

  • 1.  RBAC implementation in AIX 6.1

    Posted Tue December 15, 2009 11:05 PM

    Originally posted by: SystemAdmin


    1) Can we block users at the file system level?
    (Ex: a user can execute commands like zip, rm, mv, cp, find, etc. only on /usr, /opt, /var,
    but not on /Oracle, /Sap, etc.)
    2) Can we block a user at the volume group level?
    3) Can we enable history logging for roles?

    Please advise.
    Thank you.
    #AIX-Forum


  • 2.  Re: RBAC implementation in AIX 6.1

    Posted Wed December 16, 2009 05:05 AM

    Originally posted by: nicofr


    Hello,

    No, with RBAC you can only define a set of commands for users.

    But a standard user should normally not have access to /oracle if the rights have been set correctly on the file system and the umask is set to 027, for example.

    It's just a matter of rights, ACL, ...

    Regards,

    Nico
    #AIX-Forum
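
The permission approach described in the reply above, as an added example that is not part of the thread: a POSIX shell check that flags directories still reachable by "others", and a demonstration of the modes that umask 027 produces. The `oracle` and `usr` directories are constructed stand-ins under a temporary directory, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: runs on a constructed tree under a temp dir, not on the
# real /oracle or /usr file systems.

# Print the "others" permission triplet (e.g. "r-x" or "---") of a path.
others_perms() {
    # ls -ld prints e.g. "drwxr-x--- ..."; characters 8-10 are the others bits
    ls -ld "$1" | cut -c8-10
}

# Succeed only when "others" have no access at all to the path.
closed_to_others() {
    [ "$(others_perms "$1")" = "---" ]
}

# Print every listed directory that is still reachable by "others".
audit_dirs() {
    for d in "$@"; do
        closed_to_others "$d" || echo "$d"
    done
}

# Create a file and a directory under umask 027 and print their mode strings.
# The body runs in a subshell so the caller's umask is left unchanged.
modes_under_umask_027() (
    umask 027
    tmp=$(mktemp -d) || exit 1
    : > "$tmp/file"
    mkdir "$tmp/dir"
    echo "$(ls -ld "$tmp/file" | cut -c1-10) $(ls -ld "$tmp/dir" | cut -c1-10)"
    rm -rf "$tmp"
)

demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/oracle" "$root/usr"
    chmod 750 "$root/oracle"   # application data: owner and group only
    chmod 755 "$root/usr"      # system tree: stays readable by everyone
    audit_dirs "$root/oracle" "$root/usr"   # lists only the usr stand-in
    modes_under_umask_027                   # -rw-r----- drwxr-x---
    rm -rf "$root"
}
demo
```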


  • 3.  Re: RBAC implementation in AIX 6.1

    Posted Thu December 17, 2009 12:55 AM

    Originally posted by: SystemAdmin


    Hi Nic,
    Thank you very much. Can we achieve this with ACL?
    Is this possible through ACL? Can you tell me how we can do this?

    Thank you
    Lokesh
    #AIX-Forum


  • 4.  Re: RBAC implementation in AIX 6.1

    Posted Wed December 23, 2009 03:04 AM

    Originally posted by: nicofr


    Hi,

    First, we have to be really careful with ACL: read the documents on it, prepare the implementation, and test it in a sandbox before implementing it in production.
    Secondly, it could be dangerous for the system if you try to protect some "system" file system like /usr.
    And finally, some applications do not support ACL (Netbackup, for example).

    Security is important, yes, but too much security is not good for the system, the application and the users.

    I cannot give you good examples of ACL, but there are a lot of documents on the Internet.

    Regards,

    Nico
    #AIX-Forum