Oracle Solaris Trusted Extensions Administrator's Procedures

Procedure: How to Configure Startup Files for Users in Trusted Extensions

Users can put a .copy_files file and .link_files file into their home directory at the label that corresponds to their minimum sensitivity label. Users can also modify the existing .copy_files and .link_files files at the users' minimum label. This procedure is for the administrator role to automate the setup for a site.

Before You Begin

You must be in the System Administrator role in the global zone. For details, see How to Enter the Global Zone in Trusted Extensions.

  1. Create two Trusted Extensions startup files.

    You are going to add .copy_files and .link_files to your list of startup files.


    # cd /etc/skel
    # touch .copy_files .link_files
    
  2. Customize the .copy_files file.

    1. Start the trusted editor.

      For details, see How to Edit Administrative Files in Trusted Extensions.

    2. Type the full pathname to the .copy_files file.


      /etc/skel/.copy_files
      
    3. Type into .copy_files, one file per line, the files to be copied into the user's home directory at all labels.

      See the section .copy_files and .link_files Files for ideas. For sample files, see Example 7–4.

  3. Customize the .link_files file.

    1. Type the full pathname to the .link_files file in the trusted editor.


      /etc/skel/.link_files
      
    2. Type into .link_files, one file per line, the files to be linked into the user's home directory at all labels.

  4. Customize the other startup files for your users.

  5. (Optional) Create a skelP subdirectory for users whose default shell is a profile shell.

    The P indicates the Profile shell.

  6. Copy the customized startup files into the appropriate skeleton directory.

  7. Use the appropriate skelX pathname when you create the user.

    The X indicates the letter that begins the shell's name, such as B for Bourne, K for Korn, C for a C shell, and P for Profile shell.


Example 7–4 Customizing Startup Files for Users

In this example, the security administrator configures files for every user's home directory. The files are in place before any user logs in. The files are at the user's minimum label. At this site, the users' default shell is the C shell.

The security administrator creates a .copy_files and a .link_files file in the trusted editor with the following contents:


## .copy_files for regular users
## Copy these files to my home directory in every zone
.mailrc
.mozilla
.soffice
:wq

## .link_files for regular users with C shells
## Link these files to my home directory in every zone
.cshrc
.login
.Xdefaults
.Xdefaults-hostname
:wq

## .link_files for regular users with Korn shells
# Link these files to my home directory in every zone
.ksh
.profile
.Xdefaults
.Xdefaults-hostname
:wq

In the shell initialization files, the administrator ensures that the users' print jobs go to a labeled printer.


## .cshrc file
setenv PRINTER conf-printer1
setenv LPDEST  conf-printer1

## .ksh file
export PRINTER=conf-printer1
export LPDEST=conf-printer1

The administrator modifies the .Xdefaults-home-directory-server file to force the dtterm command to source the .profile file for a new terminal.


## Xdefaults-HDserver
Dtterm*LoginShell: true

The customized files are copied to the appropriate skeleton directory.


$ cp .copy_files .link_files .cshrc .login .profile \
.mailrc .Xdefaults .Xdefaults-home-directory-server \
/etc/skelC
$ cp .copy_files .link_files .ksh .profile \
.mailrc .Xdefaults .Xdefaults-home-directory-server \
/etc/skelK
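
The procedure and Example 7–4 leave it to the administrator to keep the two lists and the skeleton directory consistent. The following script is an added example, not part of the Oracle procedure: it lints a skeleton directory for a name listed in both files, an editor command such as :wq saved as an entry, and startup files that are in neither list and so exist at the minimum label only. The function names (list_entries, listed, lint_skel, demo) are hypothetical, and treating lines that start with # as comments is an assumption based on the layout of the example files.

```sh
#!/bin/sh
# Added example, not Oracle's code. Assumes '#' starts a comment line (as in
# Example 7-4) and that a name belongs in only one of the two lists.

# Print a list file's entries: no comments, blank lines or trailing spaces.
list_entries() {
    [ -f "$1" ] || return 0
    sed -e 's/[[:space:]]*$//' -e '/^#/d' -e '/^$/d' "$1"
}

# Succeed if name $2 is an entry of list file $1.
listed() { list_entries "$1" | grep -Fx -e "$2" >/dev/null; }

# lint_skel DIR: print one finding per line; return 1 if there are findings.
lint_skel() {
    dir=$1
    out=$(
        for f in .copy_files .link_files; do
            list_entries "$dir/$f" | while IFS= read -r e; do
                case $e in :*) echo "$f: editor command saved as an entry: $e" ;; esac
            done
        done
        list_entries "$dir/.copy_files" | while IFS= read -r e; do
            if listed "$dir/.link_files" "$e"; then echo "in both lists: $e"; fi
        done
        # Skeleton dot files that neither list carries to other labels.
        for p in "$dir"/.[!.]*; do
            [ -e "$p" ] || continue
            n=${p##*/}
            case $n in .copy_files|.link_files) continue ;; esac
            if ! listed "$dir/.copy_files" "$n" && ! listed "$dir/.link_files" "$n"
            then echo "minimum label only (in neither list): $n"; fi
        done
    )
    if [ -z "$out" ]; then return 0; fi
    printf '%s\n' "$out"
    return 1
}

# Constructed sample: .cshrc in both lists, a stray :wq, an unlisted .profile.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '## copy' .mailrc .cshrc ':wq' > "$d/.copy_files"
    printf '%s\n' '## link' .cshrc .login > "$d/.link_files"
    touch "$d/.mailrc" "$d/.cshrc" "$d/.login" "$d/.profile"
    lint_skel "$d" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

A "minimum label only" finding is informational: a file such as .cshrc that carries the PRINTER setting needs to be in one of the lists if that setting is to apply at every label.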

Troubleshooting

If you create a .copy_files file at your lowest label, then log in to a higher zone to run the updatehome command, and the command fails with an access error, try the following:

Unless you are using NFS mounts for home directories, the automounter in the higher-level zone should be loopback mounting from /zone/lower-level-zone/export/home/username to /zone/lower-level-zone/home/username.