
Role based access control

Status
Not open for further replies.

bluedragon2

IS-IT--Management
Joined
Jan 24, 2003
Messages
2,642
Location
US
Can someone explain this feature in Solaris 8 and explain how the /etc/user_attr file pertains to this?

Thanks

[Blue]Blue[/Blue] [Dragon]

If I wasn't Blue, I would just be a Dragon...
 
In conventional UNIX® systems, root (also referred to as superuser) is all powerful, with the ability to read and write to any file, run all programs, and send kill signals to any process. In practical terms, this means that anyone who can become superuser has the power to modify a site's firewall, alter the audit trail, read through payroll and other confidential records, even bring down the entire network. It is no wonder that organizations no longer give out root passwords as freely as they used to.

Role-based access control (RBAC) is an alternative to the all-or-nothing superuser model. RBAC is in keeping with the security principle of least privilege, which states that no user should be given more privilege than necessary for performing that person's job. RBAC enables an organization to separate superuser capabilities and package them into special user accounts or roles for assignment to specific individuals according to their job needs. This enables a variety of security policies. Accounts can be set up for special-purpose administrators in such areas as security, networking, firewall, backups, and system operation. A site that prefers a single strong administrator but wants to let more sophisticated users fix portions of their own systems can set up an advanced-user role. As in many aspects of security, RBAC is not just a technology, it is a way of running a business. RBAC provides a means of reallocating system controls, but it is the organization that decides the implementation.

According to Joshi et al., in "Digital Government Security Infrastructure Design Challenges," Computer Magazine, February 2001, "Of the many technologies currently in development, RBAC models appear to be the most attractive solution for providing security features in a multidomain digital government infrastructure. RBAC features such as policy neutrality, principle of least privilege, and ease of management make them especially suitable candidates."

For a physical analogy illustrating the superuser model versus RBAC, consider a company where one pass key lets anyone into the building and all rooms are accessible. This is somewhat analogous to the superuser model: anyone with the root password can do anything. If that company issues separate keys for utility areas such as the server room, network patch room, and boiler room, the situation is similar to an RBAC model (figure 1). The employees responsible for these areas have separate keys according to their job duties.



For the use of /etc/user_attr go to:
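
To connect the question about /etc/user_attr to the role model described above, here is an added example (not from the original posts and not Solaris code) that parses entries in the user_attr(4) layout `user:qualifier:res1:res2:attr` and reports which users may assume which roles. The sample entries, the account names alice, bob, netadm, bkup and ghost, and the treatment of a missing `type` as `normal` are assumptions made for illustration.

```python
# Added example: parse user_attr(4)-style entries and audit role assignments.
# SAMPLE is constructed for illustration; it is not taken from a real system.
SAMPLE = """\
# user:qualifier:res1:res2:attr
root::::type=normal;auths=solaris.*,solaris.grant;profiles=All
netadm::::type=role;profiles=Network Management
bkup::::type=role;profiles=Media Backup,Media Restore
alice::::type=normal;roles=netadm
bob::::type=normal;roles=netadm,bkup,ghost
"""

LIST_KEYS = {"auths", "profiles", "roles"}  # values are comma-separated lists

def parse_user_attr(text):
    """Return {name: attrs}; attrs maps key -> str, or list for LIST_KEYS."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)  # qualifier, res1, res2 are reserved
        if len(fields) != 5:
            raise ValueError(f"malformed entry: {raw!r}")
        attrs = {}
        for pair in filter(None, fields[4].split(";")):
            key, _, value = pair.partition("=")
            attrs[key] = value.split(",") if key in LIST_KEYS else value
        attrs.setdefault("type", "normal")  # assumption: absent type = normal
        entries[fields[0]] = attrs
    return entries

def audit(entries):
    """Map each role to the users who may assume it, and collect findings."""
    roles = {n for n, a in entries.items() if a["type"] == "role"}
    members = {r: [] for r in roles}
    findings = []
    for name, a in entries.items():
        for r in a.get("roles", []):
            if r in roles:
                members[r].append(name)
            else:
                findings.append(f"{name}: '{r}' is not defined as a role")
        if a["type"] == "normal" and "solaris.*" in a.get("auths", []):
            findings.append(f"{name}: normal user holds all authorizations")
    return members, findings

if __name__ == "__main__":
    print(audit(parse_user_attr(SAMPLE)))
```

On the sample, the audit lists alice and bob under netadm, bob under bkup, and flags both the undefined role `ghost` and the account that still carries every authorization.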
 