To use the Trusted Solaris administration tools, you must be in a role account whose assigned rights profiles contain the desired trusted applications. The following procedure describes how to access a role workspace.
Log in as a normal user.
Assume a role using the Trusted Path menu. If a role workspace already exists, click the role workspace button in the Front Panel.
Supply the role password.
Note that the default label for a role workspace is the role's minimum label, usually ADMIN_LOW. If desired, you can switch labels by choosing Change Workspace Label from the Trusted Path menu while the pointer is over the role workspace button.
To leave a role workspace temporarily, click any other workspace button. To destroy the workspace, choose Delete from the Trusted Path menu while the pointer is over the role workspace button.
Within the role workspace, you can access four types of trusted applications:
Solaris Management Console tools - The Solaris Management Console (SMC) serves as a launcher for various administration tools and is available from: the Application Manager, the Tools subpanel in the Front Panel, or the command line by typing smc.
Commands - In the Trusted Solaris environment, administrative commands and other commands intended for restricted use are assigned to rights profiles. Opening a terminal in a role workspace launches a profile shell that gives you access to all commands assigned to the account's rights profiles. Any commands that you run are at the label of the current workspace.
CDE actions - The System_Admin folder in Application Manager provides actions for performing miscellaneous system administration tasks. Most of these actions apply a special version of the vi editor, adminvi(1M), to one of the configuration files. You can use the dtpad editor if you prefer. See "Changing the Default Admin Editor" for details.
For security purposes, the editing actions cannot save a file to a different name, create a new file, or escape to a shell. All actions conform with mandatory access control and the local security policy. Any actions you launch are at the label of the current workspace, unless overridden by a rights profile.
Enhanced desktop tools - The Trusted Solaris operating environment provides desktop tools for administrators from the Front Panel. These tools have capabilities not available to normal users. For example, administrators can use the File Manager to set privileges and labels on executable files. Similarly, the Device Allocation Manager makes device administration capabilities available to roles. See "Understanding Device Allocation".
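The Commands item above says that a profile shell exposes every command assigned to the account's rights profiles. As an added example (not part of the original guide), the following Python code resolves that command set for a role so it can be reviewed for least privilege. It assumes the colon-separated layouts of user_attr(4), prof_attr(4) and exec_attr(4); the account, profile and command names, the policy field value and the attribute values are constructed.

```python
# Constructed sample entries; layouts assumed to follow user_attr(4),
# prof_attr(4) and exec_attr(4). All names and values are hypothetical.
USER_ATTR = """\
secadmin::::type=role;profiles=Example Security,Example Basic
jdoe::::type=normal;roles=secadmin
"""
PROF_ATTR = """\
Example Security:::Constructed profile:profs=Example Audit
Example Audit:::Constructed sub-profile:
Example Basic:::Constructed profile:
"""
EXEC_ATTR = """\
Example Security:tsol:cmd:::/usr/sbin/examplecmd:privs=file_dac_read;euid=0
Example Audit:tsol:cmd:::/usr/sbin/exampleaudit:
Example Basic:tsol:cmd:::/usr/bin/examplels:
Other Profile:tsol:cmd:::/usr/sbin/notgranted:euid=0
"""

def parse_attrs(field):
    """Turn 'key=value;key=value' into a dict; an empty field gives {}."""
    return dict(kv.split("=", 1) for kv in field.split(";") if "=" in kv)

def records(text, nfields):
    """Yield the colon-separated fields of each non-comment line."""
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            yield line.split(":", nfields - 1)

def expand_profiles(names, prof_db, seen=None):
    """List profiles in order, following profs= and skipping repeats."""
    seen = [] if seen is None else seen
    for name in (n for n in names if n and n not in seen):
        seen.append(name)
        subs = prof_db.get(name, {}).get("profs", "")
        expand_profiles(subs.split(","), prof_db, seen)
    return seen

def commands_for_role(role):
    """Map each command a role's profile shell can run to its attributes."""
    users = {r[0]: parse_attrs(r[4]) for r in records(USER_ATTR, 5)}
    prof_db = {r[0]: parse_attrs(r[4]) for r in records(PROF_ATTR, 5)}
    attrs = users.get(role, {})
    if attrs.get("type") != "role":
        raise ValueError(f"{role!r} is not a role account")
    entries = list(records(EXEC_ATTR, 7))
    result = {}
    # Assumption of this example: the earliest-listed profile's entry wins.
    for prof in expand_profiles(attrs.get("profiles", "").split(","), prof_db):
        for name, _policy, kind, _r1, _r2, ident, attr in entries:
            if name == prof and kind == "cmd":
                result.setdefault(ident, parse_attrs(attr))
    return result
```

Commands that carry privs or an effective UID in the result are the ones to review first when auditing what a role can do.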