User access restriction tool
My company is dealing with very sensitive and secret information so we need to implement some security measures. My task is the OS and particularly the UNIX family. Now I need to make sure that the users have just enough access to do the stuff they need to. For instance, if a user needs to read some log files using cat or tail, that's all I want him to do.
We use SuSE 10 as our distro of choice (it's not my call, so we have to assume it cannot be changed to RHEL or something else). I tried to implement it using AppArmor but I can't figure out how it works; in particular, the restricted shell is not as flexible as I hoped it would be. Does anyone have any experience doing this?
We'd rather have an RBAC (role-based access control) solution to make the administration easier. So what do you suggest? Any help is appreciated.