JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris Trusted Extensions Configuration and Administration     Oracle Solaris 11 Express 11/10
search filter icon
search icon

Document Information


Part I Initial Configuration of Trusted Extensions

1.  Security Planning for Trusted Extensions

2.  Configuration Roadmap for Trusted Extensions

3.  Adding Trusted Extensions Software to the Oracle Solaris OS (Tasks)

4.  Configuring Trusted Extensions (Tasks)

5.  Configuring LDAP for Trusted Extensions (Tasks)

6.  Configuring a Headless System With Trusted Extensions (Tasks)

Part II Administration of Trusted Extensions

7.  Trusted Extensions Administration Concepts

8.  Trusted Extensions Administration Tools

9.  Getting Started as a Trusted Extensions Administrator (Tasks)

Security Requirements When Administering Trusted Extensions

Role Creation in Trusted Extensions

Role Assumption in Trusted Extensions

Getting Started as a Trusted Extensions Administrator (Task Map)

How to Enter the Global Zone in Trusted Extensions

How to Exit the Global Zone in Trusted Extensions

10.  Security Requirements on a Trusted Extensions System (Overview)

11.  Administering Security Requirements in Trusted Extensions (Tasks)

12.  Users, Rights, and Roles in Trusted Extensions (Overview)

13.  Managing Users, Rights, and Roles in Trusted Extensions (Tasks)

14.  Remote Administration in Trusted Extensions (Tasks)

15.  Trusted Extensions and LDAP (Overview)

16.  Managing Zones in Trusted Extensions (Tasks)

17.  Managing and Mounting Files in Trusted Extensions (Tasks)

18.  Trusted Networking (Overview)

19.  Managing Networks in Trusted Extensions (Tasks)

20.  Multilevel Mail in Trusted Extensions (Overview)

21.  Managing Labeled Printing (Tasks)

22.  Devices in Trusted Extensions (Overview)

23.  Managing Devices for Trusted Extensions (Tasks)

24.  Trusted Extensions Auditing (Overview)

25.  Software Management in Trusted Extensions (Reference)

A.  Site Security Policy

Creating and Managing a Security Policy

Site Security Policy and Trusted Extensions

Computer Security Recommendations

Physical Security Recommendations

Personnel Security Recommendations

Common Security Violations

Additional Security References

B.  Configuration Checklist for Trusted Extensions

Checklist for Configuring Trusted Extensions

C.  Quick Reference to Trusted Extensions Administration

Administrative Interfaces in Trusted Extensions

Oracle Solaris Interfaces Extended by Trusted Extensions

Tighter Security Defaults in Trusted Extensions

Limited Options in Trusted Extensions

D.  List of Trusted Extensions Man Pages

Trusted Extensions Man Pages in Alphabetical Order

Oracle Solaris Man Pages That Are Modified by Trusted Extensions



Getting Started as a Trusted Extensions Administrator (Task Map)

Familiarize yourself with the following procedures before administering Trusted Extensions.

The following task map describes common procedures and pointers to instructions.
For Instructions
Log in.
Logs you in securely.
Perform common user tasks on a desktop.
These tasks include:
  • Configuring your workspaces

  • Using workspaces at different labels

  • Accessing Trusted Extensions man pages

Perform tasks that require the trusted path.
These tasks include:
  • Allocating a device

  • Changing your password

  • Changing the label of a workspace

Create useful roles.
Creates administrative roles for your site.

The Security Administrator role is a useful role.

Use the root role.
Prevents anonymous login by root. This task is done once per system.
The root role is created at installation by the install media.
Assume a role.
Enters the global zone in a role. All administrative tasks are performed in the global zone.
Exit a role workspace and become regular user.
Leaves the global zone.
Administer device allocation.
Uses the Device Manager – Administration GUI.

How to Enter the Global Zone in Trusted Extensions

By assuming a role, you enter the global zone in Trusted Extensions. Administration of the entire system is possible only from the global zone. Only superuser or a role can enter the global zone.

After assuming a role, the role can create a workspace at a user label to edit administration files in a labeled zone.

For troubleshooting purposes, you can also enter the global zone by starting a Failsafe session. For details, see How to Log In to a Failsafe Session in Trusted Extensions.

Before You Begin

You have created one or more roles, or you plan to enter the global zone as superuser. For pointers, see Role Creation in Trusted Extensions.

  1. Use a trusted mechanism.

    Click your user name in the trusted stripe and choose a role.

    If you have been assigned a role, the role names are displayed in a list.

    For the location and significance of Trusted Extensions desktop features, see Chapter 4, Elements of Trusted Extensions (Reference), in Oracle Solaris Trusted Extensions User Guide.

  2. At the prompt, type the role password.

    In Trusted GNOME, the current workspace changes to the role workspace.

    Click the role name on the trusted stripe, and from the menu, select a different role or user. This action changes the current workspace to the process of the new role or user.

How to Exit the Global Zone in Trusted Extensions

Before You Begin

You are in the global zone.