Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

31.4. Adding HBAC Service Groups

HBAC service groups can simplify HBAC rules management: instead of adding individual services to an HBAC rule, you can add a whole service group.
To add an HBAC service group, you can use:

Web UI: Adding an HBAC Service Group

  1. Select PolicyHost-Based Access ControlHBAC Service Groups.
  2. Click Add to add an HBAC service group.
  3. Enter a name for the service group, and click Add and Edit.
  4. On the service group configuration page, click Add to add an HBAC service as a member of the group.
    Adding HBAC Services to an HBAC Service Group

    Figure 31.7. Adding HBAC Services to an HBAC Service Group

Command Line: Adding an HBAC Service Group

  1. Use the ipa hbacsvcgroup-add command to add an HBAC service group. For example, to add a group named login:
    $ ipa hbacsvcgroup-add
    Service group name: login
    --------------------------------
    Added HBAC service group "login"
    --------------------------------
      Service group name: login
  2. Use the ipa hbacsvcgroup-add-member command to add an HBAC service as a member of the group. For example, to add the sshd service to the login group:
    $ ipa hbacsvcgroup-add-member
    Service group name: login
    [member HBAC service]: sshd
      Service group name: login
      Member HBAC service: sshd
    -------------------------
    Number of members added 1
    -------------------------