| blob | fa732a8435c2e1f892096192e6c77df0641f97ab |
1 '\" te
2 .\" Copyright (c) 2001, Sun Microsystems, Inc. All Rights Reserved
3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
4 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
5 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
6 .TH ROLES 1 "Jan 7, 2018"
7 .SH NAME
8 roles \- print roles granted to a user
9 .SH SYNOPSIS
10 .LP
11 .nf
12 \fBroles\fR [ \fIuser\fR ]...
13 .fi
15 .SH DESCRIPTION
16 .LP
17 The \fBroles\fR command prints on standard output the roles that you or the
18 optionally-specified user have been granted. Roles are special accounts that
19 correspond to a functional responsibility rather than to an actual person
20 (referred to as a normal user).
21 .sp
22 .LP
23 Each user may have zero or more roles. Roles have most of the attributes of
24 normal users and are identified like normal users in \fBpasswd\fR(4) and
25 \fBshadow\fR(4). Each role must have an entry in the \fBuser_attr\fR(4) file
26 that identifies it as a role. Roles can have their own authorizations and
27 profiles. See \fBauths\fR(1) and \fBprofiles\fR(1).
28 .sp
29 .LP
30 Roles are not allowed to log into a system as a primary user. Instead, a user
31 must first log in as a normal user and assume the role. The actions of a role
32 are attributable to the normal user. The audited
33 events of the role contain the audit \fBID\fR of the original user who assumed
34 the role.
35 .sp
36 .LP
37 A role may not assume itself or any other role. Roles are not hierarchical.
38 However, rights profiles (see \fBprof_attr\fR(4)) are hierarchical and can be
39 used to achieve the same effect as hierarchical roles.
40 .sp
41 .LP
42 Roles must have valid passwords and one of the shells that interprets profiles:
43 either \fBpfcsh\fR, \fBpfksh\fR, or \fBpfsh\fR. See \fBpfexec\fR(1).
44 .sp
45 .LP
46 Role assumption may be performed using \fBsu\fR(1M), \fBrlogin\fR(1), or some
47 other service that supports the \fBPAM_RUSER\fR variable. Successful assumption
48 requires knowledge of the role's password and membership in the role. Role
49 assignments are specified in \fBuser_attr\fR(4).
50 .SH EXAMPLES
51 .LP
52 \fBExample 1\fR Sample output
53 .sp
54 .LP
55 The output of the \fBroles\fR command has the following form:
57 .sp
58 .in +2
59 .nf
60 example% \fBroles tester01 tester02\fR
61 tester01 : admin
62 tester02 : secadmin, root
63 example%
64 .fi
65 .in -2
66 .sp
68 .SH EXIT STATUS
69 .LP
70 The following exit values are returned:
71 .sp
72 .ne 2
73 .na
74 \fB\fB0\fR \fR
75 .ad
76 .RS 6n
77 Successful completion.
78 .RE
80 .sp
81 .ne 2
82 .na
83 \fB\fB1\fR \fR
84 .ad
85 .RS 6n
86 An error occurred.
87 .RE
89 .SH FILES
90 .LP
91 \fB/etc/user_attr\fR
92 .sp
93 .LP
94 \fB/etc/security/auth_attr\fR
95 .sp
96 .LP
97 \fB/etc/security/prof_attr\fR
98 .SH SEE ALSO
99 .LP
100 \fBauths\fR(1), \fBpfexec\fR(1), \fBprofiles\fR(1), \fBrlogin\fR(1),
101 \fBsu\fR(1M), \fBauth_attr\fR(4), \fBpasswd\fR(4),
102 \fBprof_attr\fR(4), \fBshadow\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5)