In the root role, at label ADMIN_LOW, invoke the Solaris Management Console action from the Application Manager.
See "To Initialize the SMC Server" if you are unsure of how to start the SMC server.
Select the appropriate toolbox.
See "To Select a Toolbox of the Appropriate Scope" for assistance.
Click Trusted Solaris Configuration, then double-click Users.
Enter the role password at the prompt.
Double-click User Accounts.
If toolbox icons display as red stop signs, the toolboxes will not load. To load them, do Step 4.
Choose Add User > Use Wizard from the Action menu.
Role and user IDs come from the same pool of IDs. Do not use existing names or IDs for the users you add.
Begin to create a user who can assume the secadmin role and use Table 3-4 to fill out the fields.
The Add User > Use Wizard dialog boxes create most aspects of a user.
After creating the user, double-click the created user to modify some user properties.
Use Table 3-5 as a guide.
Read the (Recommended) Values columns for guidance.
Parentheses enclose suggestions. Requirements or defaults are not enclosed in parentheses.
When the install team chooses a password, the team must select one that is not easy to guess, thus reducing the chance of an attacker gaining unauthorized access by attempting to guess passwords.
| Tab | User Field | (Recommended) Value |
|---|---|---|
| User Name | User name | |
| | Full name | |
| | Description | No proprietary info here. |
| | User ID number | (1001 or higher) |
| Password | Set password by Type in or Choose from list | Assign a password of at least 6 alphanumeric characters. |
| | Confirm | |
| Group | Primary group | Staff |
| Home directory | Server | home directory server |
| | Path | |
| | Server | |
| | Path | |
For the user who can assume the secadmin role, select Always Available for Account Availability under General, below. Choose an appropriate account availability for other users.
Table 3-5 User Values in Properties/Modify Dialog
| Tab | User Field | (Recommended) Value |
|---|---|---|
| General | Shell | |
| | Account Availability | Always Available |
| Password | Set password by Type in or Choose from list | (Set in Table 3-4.) |
| | Update password by Choose from list or Type in | |
| Group | Additional Groups | |
| Roles | Available Roles and Assigned Roles | secadmin |
| Trusted Solaris Attributes | Minimum Label: Edit | Default value is correct. |
| | Clearance: Edit | Default value is correct. |
| | View: External or Internal | |
| | Label: Show or Hide | If your site is a no-label site, choose Hide. |
| Account Usage | Idle time | |
| | Idle action | |
| | Lock account ... | No -- for user who will assume a role |
| Rights | Available and Granted | |
| Audit | Excluded and Included | Set flags per site security policy |
Although Basic Solaris User does not appear in the Granted column, this right is assigned automatically to a user that is created using the Add User wizard. Do not assign the right explicitly.
Create and modify another user, one who can assume the admin role.
(Optional) Create and modify third and fourth users to assume the primaryadmin and oper roles, and provide them with unique IDs and appropriate Rights.
If site security permits, users can assume more than one role.
These first users should each have at least the Enable Login right -- user can enable logins after a workstation reboot.
After checking your site security policy, you may want to add the Convenient Authorizations right -- user can allocate devices, enable logins, print PostScript files, print without labels, remotely log in, and shut down the workstation.
Return to the procedure and chapter you are working from.
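The ID rules in this procedure (roles and users share one pool of IDs, existing names and IDs must not be reused, and Table 3-4 recommends 1001 or higher) can be checked before opening the wizard. The script below is an added example, not part of Trusted Solaris or of the original procedure; `check_new_account` is a hypothetical helper name, the sample entries are constructed, and it assumes role accounts appear in the same passwd-format listing as users.

```sh
#!/bin/sh
# Added example, not a Trusted Solaris tool: check a planned account against
# existing passwd(4)-format entries before opening the Add User wizard.
# Assumption: role accounts are listed alongside users, so one pass covers
# the shared pool of IDs.

MIN_UID=1001   # Table 3-4 recommends a user ID of 1001 or higher

# Constructed sample entries (names and IDs are illustrative only).
SAMPLE_PASSWD='root:x:0:1:Super-User:/:/sbin/sh
secadmin:x:100:10:role account:/export/home/secadmin:/bin/pfsh
admin:x:101:10:role account:/export/home/admin:/bin/pfsh
jsmith:x:1001:10:first user:/export/home/jsmith:/bin/csh'

# usage: check_new_account NAME UID < passwd-format-entries
# Prints one line per problem. Returns 0 if NAME and UID are usable, else 1.
check_new_account() {
    new_name=$1
    new_uid=$2
    case $new_uid in
        ''|*[!0-9]*) echo "uid '$new_uid' is not a number"; return 1 ;;
    esac
    awk -F: -v name="$new_name" -v uid="$new_uid" -v min="$MIN_UID" '
        /^#/ || NF < 3 { next }                      # skip comments and short lines
        $1 == name { printf "name %s already in use (uid %s)\n", $1, $3; bad = 1 }
        $3 + 0 == uid + 0 { printf "uid %s already assigned to %s\n", uid, $1; bad = 1 }
        END {
            if (uid + 0 < min + 0) { printf "uid %s is below %s\n", uid, min; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# Demo on the constructed sample: the first call passes, the others are rejected.
for pair in "jdoe 1002" "secadmin 1002" "jdoe 1001" "jdoe 100"; do
    set -- $pair
    printf '%s\n' "$SAMPLE_PASSWD" | check_new_account "$1" "$2" \
        && echo "ok: $1 / $2" || echo "rejected: $1 / $2"
done
```

On a live system, pipe in the merged account view instead of the sample, for example `getent passwd | check_new_account jdoe 1002`, so that entries from the name service are checked as well.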
Setting up users is a two-role, trusted procedure. See Table 1-1 for the security defaults that the security administrator can set. Once the security defaults are set, the system administrator can set up user accounts.
In a multilabel environment, users are set up with a useful file, Failed Cross Reference Format. See "Managing Initialization Files" in Trusted Solaris Administrator's Procedures for further discussion.
See "Using the SMC User Manager to Manage User and Role Accounts and Profiles" in Trusted Solaris Administrator's Procedures for details on setting up users and user files.