System Administration Guide: Security Services

Procedure: How to Assign a Role to a Local User

This procedure assigns a local role to a local user, restarts the name cache daemon, and then shows how the user can assume the role.

To assign a role to a user in a distributed name service, see How to Create a Role From the Command Line and How to Change the Properties of a Role.

Before You Begin

You have added a local role, as described in How to Create a Role From the Command Line. You must either assume a role that includes the Primary Administrator rights profile, or switch to the user root.

  1. Assign the role to a local user.

    If you added a local role with the roleadd command, this step is required. This step is optional when you use the smrole command and the Solaris Management Console to create a role.


    # usermod -u UID -R rolename login-name
    
    -u UID

    Is the UID of the user.

    -R rolename

    Is the role that is being assigned to the user.

    login-name

    Is the user's login name.

  2. To put the changes into effect, restart the name service cache daemon.


    # svcadm restart system/name-service-cache
    

    If you added a role with a Solaris Management Console interface, go to Using Roles (Task Map). Otherwise, continue with the next step.

  3. (Optional) To unlock the role account, the user must create a password.

    If you added a local role with the roleadd command, this step is required.


    % su - rolename
    Password: <Type rolename password>
    Confirm Password: <Retype rolename password>
    $

Example 9–7 Creating and Assigning a Local Role From the Command Line

In this example, a role is created to administer the Solaris Cryptographic Framework. The Crypto Management rights profile contains the cryptoadm command for administering hardware and software cryptographic services on a local system.


# roleadd -c "Cryptographic Services manager" \
-g 14 -m /export/home/cryptoadm -u 104 -s pfksh \
-P "Crypto Management" cryptomgt
# usermod -u 1111 -R cryptomgt login-name
# svcadm restart system/name-service-cache
% su - cryptomgt
Password: <Type cryptomgt password>
Confirm Password: <Retype cryptomgt password>
$ /usr/ucb/whoami
cryptomgt
$

For information about the Solaris Cryptographic Framework, see Chapter 13, Solaris Cryptographic Framework (Overview). To administer the framework, see Administering the Cryptographic Framework (Task Map).
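To confirm an assignment after the cache daemon restart, the following added example (not part of the original guide) audits a file in user_attr(4) format and reports each user's roles, flagging any role that has no type=role entry. It assumes that usermod -R records the assignment as a roles= attribute in /etc/user_attr; the sample entries, the user jdoe, and the role backupop are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit role assignments in a user_attr(4)-format file.
# Entry layout: name:qualifier:res1:res2:attr  (attr is key=value;key=value)

# Constructed sample entries; "jdoe" and "backupop" are hypothetical names.
sample_user_attr() {
cat <<'EOF'
# constructed sample, not taken from a real system
root::::type=normal;profiles=All
cryptomgt::::type=role;profiles=Crypto Management
jdoe::::type=normal;roles=cryptomgt,backupop
EOF
}

# Print "user<TAB>role<TAB>profiles" for each role assigned to a user.
# The third column is MISSING when the role has no type=role entry,
# which means the assignment points at nothing (typo or deleted role).
audit_roles() {
    awk -F: '
    /^#/ || NF < 5 { next }
    {
        attr = $5                               # rejoin in case attr held ":"
        for (i = 6; i <= NF; i++) attr = attr ":" $i
        n = split(attr, kv, ";")
        type = "normal"; roles = ""; profs = ""
        for (i = 1; i <= n; i++) {
            eq = index(kv[i], "=")
            k = substr(kv[i], 1, eq - 1); v = substr(kv[i], eq + 1)
            if (k == "type") type = v
            else if (k == "roles") roles = v
            else if (k == "profiles") profs = v
        }
        if (type == "role") isrole[$1] = (profs == "" ? "(no profiles)" : profs)
        if (roles != "") assigned[$1] = roles
    }
    END {
        for (u in assigned) {
            m = split(assigned[u], r, ",")
            for (j = 1; j <= m; j++)
                printf "%s\t%s\t%s\n", u, r[j], ((r[j] in isrole) ? isrole[r[j]] : "MISSING")
        }
    }' "${1:-/etc/user_attr}" | sort
}

# Demo run on the constructed sample.
demo=$(mktemp) && sample_user_attr > "$demo" && audit_roles "$demo"
rm -f "$demo"
```

Called with no argument, audit_roles reads /etc/user_attr; a MISSING entry or an unexpected user in the first column is worth reviewing before the role's password is set.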