User Commands roles(1)
NAME
roles - print roles granted to a user
SYNOPSIS
roles [ user ]...
DESCRIPTION
The command roles prints on standard output the roles that
you or the optionally-specified user have been granted.
Roles are special accounts that correspond to a functional responsibility rather than to an actual person (referred to as a normal user).Each user may have zero or more roles. Roles have most of
the attributes of normal users and are identified like nor-
mal users in passwd(4) and shadow(4). Each role must have anentry in the user_attr(4) file that identifies it as a role.
Roles can have their own authorizations and profiles. See auths(1) and profiles(1). Roles are not allowed to log into a system as a primaryuser. Instead, a user must log in as him- or herself and
assume the role. The actions of a role are attributable to the normal user. When auditing is enabled, the audited events of the role contain the audit ID of the original user who assumed the role. A role may not assume itself or any other role. Roles are not hierarchical. However, rights profiles (seeprof_attr(4)) are hierarchical and can be used to achieve
the same effect as hierarchical roles.
Roles must have valid passwords and one of the shells that interprets profiles: either pfcsh, pfksh, or pfsh. See pfexec(1). Role assumption may be performed using su(1M), rlogin(1), orsome other service that supports the PAM_RUSER variable.
Successful assumption requires knowledge of the role's pass-
word and membership in the role. Role assignments are speci-
fied in user_attr(4).
EXAMPLES
Example 1 Sample outputSunOS 5.11 Last change: 14 Feb 2001 1
User Commands roles(1)
The output of the roles command has the following form:
example% roles tester01 tester02tester01 : admin
tester02 : secadmin, rootexample%
EXIT STATUS The following exit values are returned: 0 Successful completion. 1 An error occurred. FILES/etc/user_attr
/etc/security/auth_attr
/etc/security/prof_attr
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWcs ||_____________________________|_____________________________|
SEE ALSO
auths(1), pfexec(1), profiles(1), rlogin(1), su(1M),auth_attr(4), passwd(4), prof_attr(4), shadow(4),
user_attr(4), attributes(5)
SunOS 5.11 Last change: 14 Feb 2001 2