This procedure assigns a local role to a local user, restarts the name cache daemon, and then shows how the user can assume the role.
You have added a local role, as described in How to Create a Role From the Command Line. You must have assumed the role of Primary Administrator or have switched to superuser.
Assign the role to a local user.
If you added a local role with the roleadd command, this step is required. This step is optional when you use the smrole command and the Solaris Management Console to create a role.
# usermod -u UID -R rolename login-name
Is the UID of the user.
Is the role that is being assigned to the user.
Is the user's login name.
To put the changes into effect, restart the name service cache daemon.
# svcadm restart system/name-service-cache
If you added a role with a Solaris Management Console interface, go to Using Roles (Task Map). Otherwise, continue with the next step.
(Optional) To unlock the role account, the user must create a password.
If you added a local role with the roleadd command, this step is required.
% su - rolename Password: <Type rolename password> Confirm Password: <Retype rolename password> $
In this example, a role is created to administer the Solaris Cryptographic Framework. The Crypto Management rights profile contains the cryptoadm command for administering hardware and software cryptographic services on a local system.
# roleadd -c "Cryptographic Services manager" \ -g 14 -m /export/home/cryptoadm -u 104 -s pfksh \ -P "Crypto Management" cryptomgt # usermod -u 1111 -R cryptomgt # svcadm restart system/name-service-cache % su - cryptomgt Password: <Type cryptomgt password> Confirm Password: <Retype cryptomgt password> $ /usr/ucb/whoami cryptomgt $
For information about the Solaris Cryptographic Framework, see Chapter 13, Solaris Cryptographic Framework (Overview). To administer the framework, see Administering the Cryptographic Framework (Task Map).