|Skip Navigation Links|
|Exit Print View|
|Oracle Solaris 11 Express Release Notes Oracle Solaris 11 Express 11/10|
This section provides general information that pertains to runtime issues in the Oracle Solaris 11 Express release.
Performing Oracle Solaris administration tasks often requires elevated privileges. A recommended practice is to delegate privileges or rights to specific user accounts rather than provide root or superuser access for all administration purposes.
In this Oracle Solaris release, consider the following methods for performing administration tasks as a privileged user:
Role-based access control - A special user account called a role can be assigned a rights profile to specify which tasks a role can perform. Users only can assume the roles for which they are authorized. In this Oracle Solaris release, the root account is set up as a role by default. This means you can designate which users are authorized to log into the root account. After a privileged user is added to the root role, use the su command and the root password to access the root privileges.
The initial user created during the installation is automatically authorized to assume the root role and is also put in the initial sudoers file. In addition, that user is granted the Software Installation rights profile, which includes commands like pkg and beadm. For such commands, the user need not assume the root role. Instead, the user can invoke a subshell. For example, pfsh, from which to invoke these commands. It is no longer necessary to use the pfexec command. Alternatively, the user can run the graphical equivalent of these commands, such as Package Manager. In this case, the user is prompted for the root password. The root password is initially set to the same password as the user account that is created during installation, but it is already expired. You will be immediately prompted to reset the root password. For more information about the expired password, see Gksu Does Not Report Expired Password (6995127).
Using sudo-based access control - You grant root capabilities by creating an /etc/sudoers file with the visudo command and adding any entry for each privileged user by following the syntax that is described in the sudoers.4 man page. For example, the following syntax grants privileged access to user otto for all commands on the system, but he must supply his user password:
otto ALL=(ALL) ALL
An user that is granted administration privileges by an entry in the /etc/sudoers file then runs a command with sudo similar to the following:
$ sudo pkg update