Oracle Solaris Trusted Extensions Administrator's Procedures

Trusted CDE Actions

The following tables list the CDE actions that roles in Trusted Extensions can run. These trusted CDE actions are available from the Trusted_Extensions folder. The Trusted_Extensions folder is available from the Application Manager folder on the CDE desktop.

Table 2–2 Administrative Actions in Trusted CDE, Their Purpose, and Associated Rights Profiles


Action Name	Purpose of Action	Default Rights Profile
`Add Allocatable Device`	Creates devices by adding entries to device databases. See add_allocatable(1M).	Device Security
`Admin Editor`	Edits the specified file. See How to Edit Administrative Files in Trusted Extensions.	Object Access Management
`Audit Classes`	Edits the `audit_class` file. See audit_class(4).	Audit Control
`Audit Control`	Edits the `audit_control` file. See audit_control(4).	Audit Control
`Audit Events`	Edits the `audit_event` file. See audit_event(4).	Audit Control
`Audit Startup`	Edits the `audit_startup.sh` script. See audit_startup(1M).	Audit Control
`Check Encodings`	Runs the `chk_encodings` command on specified encodings file. See chk_encodings(1M).	Object Label Management
`Check TN Files`	Runs the `tnchkdb` command on `tnrhdb`, `tnrhtp`, and `tnzonecfg` databases. See tnchkdb(1M).	Network Management
`Configure Selection Confirmation`	Edits `/usr/dt/config/sel_config` file. See sel_config(4).	Object Label Management
`Create LDAP Client`	Makes the global zone an LDAP client of an existing LDAP directory service.	Information Security
`Edit Encodings`	Edits the specified `label_encodings` file and runs the `chk_encodings` command. See chk_encodings(1M).	Object Label Management
`Name Service Switch`	Edits the `nsswitch.conf` file. See nsswitch.conf(4).	Network Management
`Set DNS Servers`	Edits the `resolv.conf` file. See resolv.conf(4).	Network Management
`Set Daily Message`	Edits the `/etc/motd` file. At login, the contents of this file display in the Last Login dialog box.	Network Management
`Set Default Routes`	Specifies default static routes.	Network Management
`Share Filesystem`	Edits the `dfstab` file. Does not run the `share` command. See dfstab(4).	File System Management

The following actions are used by the initial setup team during zone creation. Some of these actions can be used for maintenance and troubleshooting.

Table 2–3 Installation Actions in Trusted CDE, Their Purpose, and Associated Rights Profiles


Action Name	Purpose of Action	Default Rights Profile
`Clone Zone`	Creates a labeled zone from a ZFS snapshot of an existing zone.	Zone Management
`Copy Zone`	Creates a labeled zone from an existing zone.	Zone Management
`Configure Zone`	Associates a label with a zone name.	Zone Management
`Initialize Zone for LDAP`	Initializes the zone for booting as an LDAP client.	Zone Management
`Install Zone`	Installs the system files that a labeled zone requires.	Zone Management
`Restart Zone`	Restarts a zone that has already been booted.	Zone Management
`Share Logical Interface`	Sets up one interface for the global zone and a separate interface for the labeled zones to share.	Network Management
`Share Physical Interface`	Sets up one interface that is shared by the global zone and the labeled zones.	Network Management
`Shut Down Zone`	Shuts down an installed zone.	Zone Management
`Start Zone`	Boots an installed zone and starts the services for that zone.	Zone Management
`Zone Terminal Console`	Opens a console to view processes in an installed zone.	Zone Management