(mis)using RBAC...

All,

I was recently charged with setting up RBAC so that the group I work
with will 'su to root' less often.

The first project I've picked is to either establish a role and/or
profile that will allow a normal user to start and stop our
webservers. Here is what I came up with, bypassing the concept of a
'role'...

1) I created a profile called "Web Administration" 
in /etc/security/prof_attr
Web Administration:::Role for restarting webservers::

2) I gave the profile the ability to run the start and stop webserver
scripts as root:
in /etc/security/exec_attr
Web Administration:suser:cmd:::/opt/app/iplanet/https-myserver/start:uid=0
Web Administration:suser:cmd:::/opt/app/iplanet/https-myserver/stop:uid=0

3) I then added the role to my account on the server in /etc/user_attr:
jkatz::::type=normal;profiles=Web Administration,Basic Solaris User

4) Finally, I changed my shell to /bin/pfcsh. Now, with my regular
user account I can start and restart our webservers.

My questions are, is this a normal practice (are there other people
doing it) and is it supported? What unintended consequences am I
missing? I understand that if a user's account is compromised, the
webserver services can be stopped and started at-will. I also
understand that our sysadmin group will be restricted to using
pfcsh/pfksh/pfsh and cannot use bash or tcsh (although we can still
leave those set, type 'exec pfsh' and then do what we need to do as
the Profile.)

Thanks!

-- 
-Jon
Jonathan Katz -- J. Random BOFH