Contains the list of valid roles. This system file only applies to AIX Versions 4.2.1 and later.
The /etc/security/roles file contains the list of valid roles. This is an ASCII file that contains a stanza for each system role. Each stanza is identified by a role name followed by a : (colon) and contains attributes in the form Attribute=Value. Each attribute pair ends with a newline character as does each stanza.
The file supports a default stanza. If an attribute is not defined, the default value for the attribute is used.
A stanza contains the following attributes:
| Attribute | Description |
|---|---|
| rolelist | Contains a list of roles implied by this role and allows a role to function as a super-role. If the rolelist attribute contains the value "role1,role2", assigning the role to a user also assigns the roles role1 and role2 to that user. |
| authorizations | Contains the list of additional authorizations acquired by the user for this specific role. |
| groups | Contains the list of groups that a user should belong to in order to effectively use this role. The user must be added to each group in this list for this role to be effective. |
| screens | Contains a list of SMIT screen identifiers that allow a role to be mapped to various SMIT screens. The default value for this attribute is * (all screens). |
| msgcat | Contains the file name of the message catalog that contains the one-line descriptions of system roles. |
| msgnum | Contains the message ID that retrieves this role description from the message catalog. |

For a typical stanza, see the ManageAllUsers example below.
You should access this file through the commands and subroutines defined for this purpose. You can use the following commands to change the roles file:

- mkrole: creates an entry for each new role in the /etc/security/roles file.
- chrole: changes the attribute values of a role.
- lsrole: displays the attributes of a role and their values.
- rmrole: removes a role.
To write programs that affect attributes in the /etc/security/roles file, use the subroutines listed in Related Information.
Access Control: This file grants read and write access to the root user, and read access to members of the security group.
A typical stanza looks like the following example for the ManageAllUsers role:
```
ManageAllUsers:
        rolelist = ManageBasicUsers
        authorizations = UserAdmin,RoleAdmin,PasswdAdmin,GroupAdmin
        groups = security
        screens = mkuser,rmuser,!tcpip
```
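The following is an added example, not part of the IBM documentation and not AIX's own code. It parses the stanza format described above (role name followed by a colon, then Attribute=Value lines, with a default stanza supplying values for attributes a stanza omits) and then resolves the super-role semantics of rolelist transitively, so that the effective authorizations and required groups of a role can be audited without logging in to an AIX host. The input is a constructed file built from the ManageAllUsers example on this page plus a hypothetical ManageBasicUsers role and a default stanza; the UserAudit authorization in that hypothetical role is a constructed value. The `*` comment convention is assumed, as are the helper names `parse_stanza_file`, `get_attr`, `effective_roles`, `effective_authorizations` and `required_groups`.

```python
"""Parse an AIX-style /etc/security/roles stanza file and resolve effective roles.

Added example for illustration only; it is not IBM's code.
"""
from typing import Dict, List

# Constructed sample input: a default stanza, the ManageAllUsers stanza from the
# documentation page, and a hypothetical ManageBasicUsers role so that rolelist
# resolution has something to expand.  UserAudit is a constructed value here.
SAMPLE_ROLES_FILE = """\
* comment lines in AIX stanza files start with an asterisk (assumed convention)
default:
        screens = *

ManageBasicUsers:
        authorizations = UserAudit
        groups = security

ManageAllUsers:
        rolelist = ManageBasicUsers
        authorizations = UserAdmin,RoleAdmin,PasswdAdmin,GroupAdmin
        groups = security
        screens = mkuser,rmuser,!tcpip
"""

Stanza = Dict[str, str]


def parse_stanza_file(text: str) -> Dict[str, Stanza]:
    """Return {role_name: {attribute: value}} for every stanza in the file.

    A stanza begins with a line "name:"; each following "Attribute = Value"
    line belongs to it until the next stanza header.  Blank lines and
    asterisk comments are skipped.
    """
    stanzas: Dict[str, Stanza] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):
            continue
        if line.endswith(":") and "=" not in line:   # stanza header
            current = line[:-1].strip()
            stanzas[current] = {}
            continue
        if current is None:
            raise ValueError(f"attribute line outside any stanza: {raw!r}")
        key, _, value = line.partition("=")
        stanzas[current][key.strip()] = value.strip()
    return stanzas


def get_attr(stanzas: Dict[str, Stanza], role: str, attr: str, fallback: str = "") -> str:
    """Look up an attribute, falling back to the default stanza when the role omits it."""
    if attr in stanzas.get(role, {}):
        return stanzas[role][attr]
    return stanzas.get("default", {}).get(attr, fallback)


def split_list(value: str) -> List[str]:
    """Split a comma-separated attribute value into its non-empty items."""
    return [item for item in (v.strip() for v in value.split(",")) if item]


def effective_roles(stanzas: Dict[str, Stanza], role: str) -> List[str]:
    """Return the role plus every role implied transitively through rolelist.

    Visited roles are skipped, so a rolelist cycle (role1 lists role2 and
    role2 lists role1) terminates instead of recursing forever.
    """
    ordered: List[str] = []
    stack = [role]
    while stack:
        name = stack.pop()
        if name in ordered:
            continue
        if name not in stanzas:
            raise KeyError(f"role {name!r} is referenced but not defined")
        ordered.append(name)
        stack.extend(reversed(split_list(get_attr(stanzas, name, "rolelist"))))
    return ordered


def _union_over_roles(stanzas: Dict[str, Stanza], role: str, attr: str) -> List[str]:
    """Union of a list-valued attribute across the role and its implied roles, order preserved."""
    merged: List[str] = []
    for name in effective_roles(stanzas, role):
        for item in split_list(get_attr(stanzas, name, attr)):
            if item not in merged:
                merged.append(item)
    return merged


def effective_authorizations(stanzas: Dict[str, Stanza], role: str) -> List[str]:
    """All authorizations a user gains from the role, including those of implied roles."""
    return _union_over_roles(stanzas, role, "authorizations")


def required_groups(stanzas: Dict[str, Stanza], role: str) -> List[str]:
    """All groups the user must belong to for the role and its implied roles to be effective."""
    return _union_over_roles(stanzas, role, "groups")


ROLES = parse_stanza_file(SAMPLE_ROLES_FILE)

if __name__ == "__main__":
    for role in ("ManageBasicUsers", "ManageAllUsers"):
        print(role, "->", effective_roles(ROLES, role))
        print("  authorizations:", effective_authorizations(ROLES, role))
        print("  groups:", required_groups(ROLES, role))
        print("  screens:", get_attr(ROLES, role, "screens"))
```

Reviewing a roles file this way makes the reach of a super-role explicit: ManageAllUsers lists only its own four authorizations, but through rolelist it also carries UserAudit from ManageBasicUsers, and ManageBasicUsers inherits `*` (all screens) from the default stanza because it sets no screens attribute of its own.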
This file is part of the Base Operating System (BOS) Runtime.
| File | Description |
|---|---|
| /etc/security/roles | Contains the list of valid roles. |
| /etc/security/user.roles | Contains the list of roles for each user. |
| /etc/security/smitacl.group | Contains the group ACL definitions. |
| /etc/security/smitacl.user | Contains the user ACL definitions. |
The chrole command, lsrole command, mkrole command, rmrole command.
The getroleattr subroutine, nextrole subroutine, putroleattr subroutine, setroledb subroutine, endroledb subroutine.