Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
HP-UX System Administrator's Guide: Security Management: HP-UX 11i Version 3 > Chapter 9 HP-UX Role-Based Access Control

HP-UX RBAC Components


Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

Following is a list of the primary HP-UX RBAC components:

privrun wrapper command

Based on authorizations associated with a user, privrun invokes existing legacy applications with privileges after performing authorization checks and optionally re-authenticating the user and without modifying the application.

privedit command

Based on the authorizations associated with a user, privedit allows users to edit files they usually would not be able to edit because of file permissions or Access Control Lists (ACLs).

Access Control Policy Switch (ACPS)

Determines whether a subject is authorized to perform an operation on an object.

Access Control Policy Module

Evaluates HP-UX RBAC databases files and applies mapping policies to service access control requests.

management commands

Edits and validates HP-UX RBAC database files.

The following sections discuss the HP-UX RBAC components in more detail.

HP-UX RBAC Access Control Policy Switch

The HP-UX RBAC Access Control Policy Switch is a customizeable interface between applications that must make access control decisions and the access control policy modules that provide decision responses after interpreting policy information in RBAC databases. As shown in Figure 9-1, from its location in the HP-UX RBAC architecture, the ACPS provides an interface between the access control policy modules and the applications that make access control decisions.

The ACPS has the following interfaces, described in detail in their respective manpages:

  • ACPS application programming interface (API)

  • ACPS service provider interface (SPI)

  • /etc/acps.conf

The administrative interface for the ACPS is the /etc/acps.conf configuration file. The /etc/acps.conf configuration file determines which policy modules the ACPS consults, the sequence in which the modules are consulted, and the rules for combining the module's responses to deliver a result to the applications that need access control decisions. This ACPS implementation allows you to create a module to enforce custom policy without modifying existing role-based access control applications.

NOTE: Refer to acps(4), acps.conf(4), acps_api(3), and acps_spi(3) for more information on the ACPS and its interfaces.

HP-UX RBAC Configuration Files

Table 9-3 lists and briefly describes the HP-UX RBAC files.

Table 9-3 HP-UX RBAC Configuration Files

Configuration File



Database file containing all valid authorizations.


privrun database file containing command and file authorizations and privileges.


Database file defining the authorizations for each role.


Database file defining all configured roles.


Database file defining the roles for each user.


Configuration file for the ACPS.


Audit filter file identifying specific HP-UX RBAC roles, operations, and objects to audit.


HP-UX RBAC Commands

Table 9-4 lists and briefly describes the HP-UX RBAC commands.

Table 9-4 HP-UX RBAC Commands




Invokes legacy application with privileges after performing authorization checks and optionally re-authenticating the user.


Allows authorized users to edit files that are under access control.


Edits of role information in the /etc/rbac/user_role, /etc/rbac/role_auth, and /etc/rbac/roles files.


Edits authorization information in the /etc/rbac/role_auth and /etc/rbac/roles files.


Edits command authorizations and privileges in the /etc/rbac/cmd_priv database.


Verifies authorizations and syntax in the HP-UX RBAC and privrun database files.


HP-UX RBAC Manpages

Table 9-5 lists and briefly describes the HP-UX RBAC manpages.

Table 9-5 HP-UX RBAC Manpages




Describes the HP-UX RBAC feature.


Describes the ACPS and its interfaces.


Describes the ACPS configuration file and its syntax.


Describes the ACPS Application Programming Interface.


Describes the ACPS Service Provider Interface.


Describes privrun functionality and syntax.


Describes privedit functionality and syntax.


Describes roleadm functionality and syntax.


Describes authadm functionality and syntax.


Describes cmdprivadm functionality and syntax.


Describes rbacdbchk functionality and syntax.


HP-UX RBAC Architecture

The primary component of HP-UX RBAC is the privrun command, which invokes existing commands, applications, and scripts. The privrun command uses the ACPS subsystem to make access control requests. An access request is granted or denied based on a set of configuration files that define user-to-role and role-to-authorization mappings.

If the access request is granted, privrun invokes the target command with additional privileges, which can include one or more of either a UID, GID, fine-grained privileges, and compartments. The privileges are configured to enable the target command to run successfully.

Figure 9-1 shows the HP-UX RBAC architecture.

Figure 9-1 HP-UX RBAC Architecture

HP-UX RBAC Architecture

HP-UX RBAC Example Usage and Operation

Figure 9-2 and the subsequent footnotes show a sample invocation of privrun and the configuration files that privrun uses to determine whether a user is allowed to invoke a command.

Figure 9-2 Example Operation After Invoking privrun

Example Operation After
Invoking privrun
  1. A process, specifically a shell, associated with the user executes privrun with the goal of executing a target command with elevated privilege.

  2. The target command line (command and arguments) is explicitly passed to privrun, and the UID of the invoking user is implicitly passed by the process context.

  3. privrun attempts to find a match (or set of matches) within the /etc/rbac/cmd_priv database for the specified command line. Each matching entry also specifies a required authorization (operation, object pair) and the resulting privileges if the user has the specified authorization.

  4. privrun makes a call (for each matching /etc/rbac/cmd_priv entry) to the ACPS. The HP-UX RBAC back end of the ACPS consults the /etc/rbac/user_role and /etc/rbac/role_auth databases to determine whether the user has the specified authorization, and passes this result back to privrun.

  5. Assuming that the user associated with the process has the required authorization specified in the /etc/rbac/cmd_priv database for the requested command, privrun will drop all privileges except those specified in the /etc/rbac/cmd_priv entry and execute the requested command. The privrun command is set to UID=0 and starts with all necessary privileges.

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2008 Hewlett-Packard Development Company, L.P.