1roles(1) User Commands roles(1)
2
3
4
6 roles - print roles granted to a user
7
9 roles [ user ]...
10
11
13 The command roles prints on standard output the roles that you or the
14 optionally-specified user have been granted. Roles are special accounts
15 that correspond to a functional responsibility rather than to an actual
16 person (referred to as a normal user).
17
18
19 Each user may have zero or more roles. Roles have most of the
20 attributes of normal users and are identified like normal users in
21 passwd(4) and shadow(4). Each role must have an entry in the
22 user_attr(4) file that identifies it as a role. Roles can have their
23 own authorizations and profiles. See auths(1) and profiles(1).
24
25
26 Roles are not allowed to log into a system as a primary user. Instead,
27 a user must log in as him— or herself and assume the role. The actions
28 of a role are attributable to the normal user. When auditing is
29 enabled, the audited events of the role contain the audit ID of the
30 original user who assumed the role.
31
32
33 A role may not assume itself or any other role. Roles are not hierar‐
34 chical. However, rights profiles (see prof_attr(4)) are hierarchical
35 and can be used to achieve the same effect as hierarchical roles.
36
37
38 Roles must have valid passwords and one of the shells that interprets
39 profiles: either pfcsh, pfksh, or pfsh. See pfexec(1).
40
41
42 Role assumption may be performed using su(1M), rlogin(1), or some other
43 service that supports the PAM_RUSER variable. Successful assumption
44 requires knowledge of the role's password and membership in the role.
45 Role assignments are specified in user_attr(4).
46
48 Example 1 Sample output
49
50
51 The output of the roles command has the following form:
52
53
54 example% roles tester01 tester02tester01 : admin
55 tester02 : secadmin, root
56 example%
57
58
59
61 The following exit values are returned:
62
63 0 Successful completion.
64
65
66 1 An error occurred.
67
68
70 /etc/user_attr
71
72
73 /etc/security/auth_attr
74
75
76 /etc/security/prof_attr
77
79 See attributes(5) for descriptions of the following attributes:
80
81
82
83
84 ┌─────────────────────────────┬─────────────────────────────┐
85 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
86 ├─────────────────────────────┼─────────────────────────────┤
87 │Availability │SUNWcsu │
88 └─────────────────────────────┴─────────────────────────────┘
89
91 auths(1), pfexec(1), profiles(1), rlogin(1), su(1M), getauuser‐
92 nam(3BSM), auth_attr(4), passwd(4), prof_attr(4), shadow(4),
93 user_attr(4), attributes(5)
94
95
96
97SunOS 5.11 14 Feb 2001 roles(1)