Trusted Solaris Administrator's Procedures

Adding Trusted Actions

The process of creating and using actions is much the same in the Trusted Solaris environment as it is in a Solaris environment. Adding actions is described in "Adding and Administering Applications" in Solaris Common Desktop Environment: Advanced User's and System Administrator's Guide.

In the Trusted Solaris environment, use of actions is controlled by the rights profile mechanism. Actions that are assigned security attributes in a rights profile can run with the assigned security attributes if they are invoked within one of the window system's trusted processes. In the Trusted Solaris environment, a number of actions have been assigned security attributes in the rights profiles of administrative roles. The Security Administrator role can also use the Rights tool to assign security attributes to new actions.

The following table summarizes the main differences encountered in creating and using actions in the Trusted Solaris environment.

Table 13-1 Constraints on Actions in the Trusted Solaris Environment

Solaris CDE: New actions may be created by anyone within the originator's home directory, and a new action is automatically usable by its creator.

Trusted Solaris CDE: An action is only usable by a user or role if the action is in one of the account's rights profiles. The actions' search path has been changed so that actions in any individual's home directory are processed last instead of first. Therefore, no one can customize existing actions.

If either the Create Action action or commands or actions that permit the editing of files are in an account's profile, the user or role can create a new action in the account's home directory, but the account may not be able to use the new action.

There are two ways a user can use a new action: if the Security Administrator role adds the name of the new action to one of the account's rights profiles, or if the user has the All profile. The All profile turns off all checks for actions, and as a result any existing and potential actions may then be used by that account.

If the account is allowed to use the action by its rights profiles, the account can launch the action from its home directory through the File Manager. The default System Administrator and administrator roles are permitted to place actions in public directories.

Solaris CDE: Actions can be dragged and dropped to the Front Panel.

Trusted Solaris CDE: The Front Panel is part of the trusted path. The window manager recognizes only the administratively-added actions that are located in /usr/dt and /etc/dt subdirectories where system-wide action files are kept. Even if a normal user account or a non-administrative role account creates a new action in the account's home directory and has the All Accounts profile, new actions dragged to the Front Panel from the user's home directory are not recognized by the window manager, which only looks in the public directories.

Solaris CDE: The only way that actions can do privileged operations is if they are run by root.

Trusted Solaris CDE: If actions are specified to have privileges in one of the invoking account's rights profiles, actions can inherit privileges when they are launched from a trusted process. Therefore, the only way that actions can do privileged operations is if they have been assigned privileges in the account's profiles.

Solaris CDE: Actions are not managed by the Solaris Management Console.

Trusted Solaris CDE: Actions are assigned to rights profiles by the Rights tool. If new actions are added, the Security Administrator role needs to make the new actions available. See "To Make New Actions Available to the Rights Tool".
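
The search-order change described in the table, as an added example that is not part of the original documentation: shell functions that resolve an action name across action directories in a given order and list personal actions that collide with system-wide ones. It assumes first-match lookup and the standard CDE locations ($HOME/.dt/types, /etc/dt/appconfig/types/C, /usr/dt/appconfig/types/C); the function names and the sample .dt files are constructed, and rights-profile checks are not modeled.

```shell
# Added example, not from the Trusted Solaris documentation. Assumption: the
# first directory in the search order that defines an action name wins.

# Print the action names defined by the *.dt files in one directory.
action_names() {
    for f in "$1"/*.dt; do
        [ -f "$f" ] || continue
        awk '$1 == "ACTION" && NF >= 2 { print $2 }' "$f"
    done | sort -u
}

# resolve_action NAME DIR...: print the first DIR, in order, defining NAME.
resolve_action() {
    name=$1; shift
    for d in "$@"; do
        if action_names "$d" | grep -qxF -- "$name"; then
            printf '%s\n' "$d"; return 0
        fi
    done
    return 1
}

# shadowing_actions HOME_DIR SYS_DIR...: personal action names that also
# exist system-wide, i.e. attempted customizations of existing actions.
shadowing_actions() {
    home=$1; shift
    for n in $(action_names "$home"); do
        resolve_action "$n" "$@" >/dev/null && printf '%s\n' "$n"
    done
    return 0
}

# Constructed sample tree: the personal directory redefines the system
# action Dtterm and adds a new action MyTool (both definitions are made up).
make_demo_tree() {
    root=$(mktemp -d)
    sys="$root/usr/dt/appconfig/types/C"
    mkdir -p "$root/home/.dt/types" "$root/etc/dt/appconfig/types/C" "$sys"
    printf 'ACTION Dtterm\n{\n  TYPE COMMAND\n  EXEC_STRING dtterm\n}\n' \
        > "$sys/dtterm.dt"
    printf 'ACTION %s\n{\n  TYPE COMMAND\n  EXEC_STRING xterm\n}\n' \
        Dtterm MyTool > "$root/home/.dt/types/custom.dt"
    printf '%s\n' "$root"
}

# Demo: home-first (Solaris CDE) versus home-last (Trusted Solaris) order.
t=$(make_demo_tree); h="$t/home/.dt/types"; u="$t/usr/dt/appconfig/types/C"
echo "home first: $(resolve_action Dtterm "$h" "$u")"
echo "home last:  $(resolve_action Dtterm "$u" "$h")"
rm -rf "$t"
```

With the home directory last, the personal Dtterm definition never wins, while MyTool still resolves to the home directory and remains subject to the rights-profile check described above.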