1roles(1)                         User Commands                        roles(1)
2
3
4

NAME

6       roles - print roles granted to a user
7

SYNOPSIS

9       roles [ user ]...
10
11

DESCRIPTION

13       The  command  roles prints on standard output the roles that you or the
14       optionally-specified user have been granted. Roles are special accounts
15       that correspond to a functional responsibility rather than to an actual
16       person (referred to as a normal user).
17
18
19       Each user may  have  zero  or  more  roles.  Roles  have  most  of  the
20       attributes  of  normal  users  and  are identified like normal users in
21       passwd(4)  and  shadow(4).  Each  role  must  have  an  entry  in   the
22       user_attr(4)  file  that  identifies it as a role. Roles can have their
23       own authorizations and profiles. See auths(1) and profiles(1).
24
25
26       Roles are not allowed to log into a system as a primary user.  Instead,
27       a  user must log in as him— or herself and assume the role. The actions
28       of a role are  attributable  to  the  normal  user.  When  auditing  is
29       enabled,  the  audited  events  of the role contain the audit ID of the
30       original user who assumed the role.
31
32
33       A role may not assume itself or any other role. Roles are  not  hierar‐
34       chical.  However,  rights  profiles (see prof_attr(4)) are hierarchical
35       and can be used to achieve the same effect as hierarchical roles.
36
37
38       Roles must have valid passwords and one of the shells  that  interprets
39       profiles: either pfcsh, pfksh, or pfsh. See pfexec(1).
40
41
42       Role assumption may be performed using su(1M), rlogin(1), or some other
43       service that supports the  PAM_RUSER  variable.  Successful  assumption
44       requires  knowledge  of the role's password and membership in the role.
45       Role assignments are specified in user_attr(4).
46

EXAMPLES

48       Example 1 Sample output
49
50
51       The output of the roles command has the following form:
52
53
54         example% roles tester01 tester02tester01 : admin
55         tester02 : secadmin, root
56         example%
57
58
59

EXIT STATUS

61       The following exit values are returned:
62
63       0     Successful completion.
64
65
66       1     An error occurred.
67
68

FILES

70       /etc/user_attr
71
72
73       /etc/security/auth_attr
74
75
76       /etc/security/prof_attr
77

ATTRIBUTES

79       See attributes(5) for descriptions of the following attributes:
80
81
82
83
84       ┌─────────────────────────────┬─────────────────────────────┐
85       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
86       ├─────────────────────────────┼─────────────────────────────┤
87       │Availability                 │SUNWcsu                      │
88       └─────────────────────────────┴─────────────────────────────┘
89

SEE ALSO

91       auths(1),  pfexec(1),  profiles(1),   rlogin(1),   su(1M),   getauuser‐
92       nam(3BSM),    auth_attr(4),    passwd(4),    prof_attr(4),   shadow(4),
93       user_attr(4), attributes(5)
94
95
96
97SunOS 5.11                        14 Feb 2001                         roles(1)