Another sophisticated permissions technique is the conditional access rule. For example, suppose you have a very secure version of the su command called securedSU that uses a fingerprint reader to verify the user's identity before allowing the user to become a superuser.
One way to ensure that UserX can become superuser only through that program is to set the following conditional access rule. Before setting the rule, you must also set defaccess(none) for USER.root.
authorize SURROGATE USER.root uid(UserX) via(pgm(securedSU))
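Why the defaccess(none) step matters, shown as an added example that is not CA's code: a simplified Python model of a resource with a default access and a program-conditional entry. The evaluation order, the class and function names, and the sample users and programs other than UserX and securedSU are assumptions made for illustration.

```python
# Simplified model (an assumption, not the product's implementation) of how a
# program-conditional rule combines with a resource's default access.
from dataclasses import dataclass, field


@dataclass
class Resource:
    name: str
    # True models a default access that grants; False models defaccess(none).
    default_allows: bool = True
    # Conditional entries: (uid, program) pairs, as in uid(UserX) via(pgm(securedSU)).
    via_pgm: set = field(default_factory=set)

    def authorize_via(self, uid: str, pgm: str) -> None:
        """Record a conditional rule: uid may use the resource only through pgm."""
        self.via_pgm.add((uid, pgm))

    def check(self, uid: str, pgm: str) -> bool:
        """Return True if uid, running pgm, may use this resource."""
        if (uid, pgm) in self.via_pgm:
            return True
        # No conditional entry matched: the default access decides.
        return self.default_allows


def build(defaccess_none: bool) -> Resource:
    """USER.root with the page's rule, with or without defaccess(none)."""
    res = Resource("USER.root", default_allows=not defaccess_none)
    res.authorize_via("UserX", "securedSU")
    return res


def decisions(res: Resource) -> dict:
    """Evaluate three constructed requests against the resource."""
    cases = [("UserX", "securedSU"), ("UserX", "su"), ("UserY", "securedSU")]
    return {case: res.check(*case) for case in cases}


if __name__ == "__main__":
    for label, flag in (("defaccess(none) set", True), ("default access grants", False)):
        print(label)
        for (uid, pgm), ok in decisions(build(flag)).items():
            print(f"  {uid} via {pgm}: {'allow' if ok else 'deny'}")
```

In this model the rule only narrows access when the default is none; with a granting default, UserX reaches USER.root through any program and the via(pgm(...)) condition restricts nothing.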
Copyright © 2013 CA Technologies.
All rights reserved.