System Administration Guide: Security Services

ProcedureHow to Assign a Role to a Local User

This procedure assigns a local role to a local user, restarts the name cache daemon, and then shows how the user can assume the role.

To assign a role to a user in a distributed name service, see How to Create a Role From the Command Line and How to Change the Properties of a Role.

Before You Begin

You have added a local role, as described in How to Create a Role From the Command Line. You must either assume a role that includes the Primary Administrator rights profile, or switch to thh user root.

  1. Assign the role to a local user.

    If you added a local role with the roleadd command, this step is required. This step is optional when you use the smrole command and the Solaris Management Console to create a role.

    # usermod -u UID -R rolename login-name
    -u UID

    Is the UID of the user.

    -R rolename

    Is the role that is being assigned to the user.


    Is the user's login name.

  2. To put the changes into effect, restart the name service cache daemon.

    # svcadm restart system/name-service-cache

    If you added a role with a Solaris Management Console interface, go to Using Roles (Task Map). Otherwise, continue with the next step.

  3. (Optional) To unlock the role account, the user must create a password.

    If you added a local role with the roleadd command, this step is required.

    % su - rolename
    Password: <Type rolename password>
    Confirm Password: <Retype rolename password>

Example 9–7 Creating and Assigning a Local Role From the Command Line

In this example, a role is created to administer the Solaris Cryptographic Framework. The Crypto Management rights profile contains the cryptoadm command for administering hardware and software cryptographic services on a local system.

# roleadd -c "Cryptographic Services manager" \
-g 14 -m /export/home/cryptoadm -u 104 -s pfksh \
-P "Crypto Management" cryptomgt
# usermod -u 1111 -R cryptomgt
# svcadm restart system/name-service-cache
% su - cryptomgt
Password: <Type cryptomgt password>
Confirm Password: <Retype cryptomgt password>
$ /usr/ucb/whoami

For information about the Solaris Cryptographic Framework, see Chapter 13, Solaris Cryptographic Framework (Overview). To administer the framework, see Administering the Cryptographic Framework (Task Map).