JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Trusted Extensions Configuration and Administration     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

Part I Initial Configuration of Trusted Extensions

1.  Security Planning for Trusted Extensions

2.  Configuration Roadmap for Trusted Extensions

3.  Adding the Trusted Extensions Feature to Oracle Solaris (Tasks)

4.  Configuring Trusted Extensions (Tasks)

5.  Configuring LDAP for Trusted Extensions (Tasks)

Part II Administration of Trusted Extensions

6.  Trusted Extensions Administration Concepts

7.  Trusted Extensions Administration Tools

8.  Security Requirements on a Trusted Extensions System (Overview)

9.  Performing Common Tasks in Trusted Extensions

10.  Users, Rights, and Roles in Trusted Extensions (Overview)

11.  Managing Users, Rights, and Roles in Trusted Extensions (Tasks)

Customizing the User Environment for Security (Task Map)

How to Modify Default User Label Attributes

How to Modify policy.conf Defaults

How to Configure Startup Files for Users in Trusted Extensions

How to Log In to a Failsafe Session in Trusted Extensions

Managing Users and Rights (Task Map)

How to Modify a User's Label Range

How to Create a Rights Profile for Convenient Authorizations

How to Restrict a User's Set of Privileges

How to Prevent Account Locking for Users

How to Enable a User to Change the Security Level of Data

How to Delete a User Account From a Trusted Extensions System

12.  Remote Administration in Trusted Extensions (Tasks)

13.  Managing Zones in Trusted Extensions

14.  Managing and Mounting Files in Trusted Extensions

15.  Trusted Networking (Overview)

16.  Managing Networks in Trusted Extensions (Tasks)

17.  Trusted Extensions and LDAP (Overview)

18.  Multilevel Mail in Trusted Extensions (Overview)

19.  Managing Labeled Printing (Tasks)

20.  Devices in Trusted Extensions (Overview)

21.  Managing Devices for Trusted Extensions (Tasks)

22.  Trusted Extensions Auditing (Overview)

23.  Software Management in Trusted Extensions

A.  Site Security Policy

Creating and Managing a Security Policy

Site Security Policy and Trusted Extensions

Computer Security Recommendations

Physical Security Recommendations

Personnel Security Recommendations

Common Security Violations

Additional Security References

B.  Configuration Checklist for Trusted Extensions

Checklist for Configuring Trusted Extensions

C.  Quick Reference to Trusted Extensions Administration

Administrative Interfaces in Trusted Extensions

Oracle Solaris Interfaces Extended by Trusted Extensions

Tighter Security Defaults in Trusted Extensions

Limited Options in Trusted Extensions

D.  List of Trusted Extensions Man Pages

Trusted Extensions Man Pages in Alphabetical Order

Oracle Solaris Man Pages That Are Modified by Trusted Extensions

Glossary

Index

Managing Users and Rights (Task Map)

In Trusted Extensions, you assume the Security Administrator role to administer users, authorizations, rights, and roles. The following task map describes common tasks that you perform for users who operate in a labeled environment.

Task
Description
For Instructions
Modify a user's label range.
Modifies the labels at which a user can work. Modifications can restrict or extend the range that the label_encodings file permits.
Create a rights profile for convenient authorizations.
Several authorizations exist that might be useful for regular users. Creates a profile for users who qualify to have these authorizations.
Modify a user's default privilege set.
Removes a privilege from the user's default privilege set.
Prevent account locking for particular users.
Users who can assume a role must have account locking turned off.
Enable a user to relabel data.
Authorizes a user to downgrade information or upgrade information.
Remove a user from the system.
Completely removes a user and the user's processes.

How to Modify a User's Label Range

You might want to extend a user's label range to give the user read access to an administrative application. For example, a user who can log in to the global zone could then view a list of the systems that run at a particular label. The user could view, but not change the contents.

Alternatively, you might want to restrict the user's label range. For example, a guest user might be limited to one label.

Before You Begin

You must be in the Security Administrator role in the global zone.

How to Create a Rights Profile for Convenient Authorizations

Where site security policy permits, you might want to create a rights profile that contains authorizations for users who can perform tasks that require authorization. To enable every user of a particular system to be authorized, see How to Modify policy.conf Defaults.

Before You Begin

You must be in the Security Administrator role in the global zone.

  1. Create a rights profile that contains one or more of the following authorizations.

    For the step-by-step procedure, see How to Create a Rights Profile in Oracle Solaris 11.1 Administration: Security Services.

    The following authorizations that might be convenient for users:

    • solaris.device.allocate – Authorizes a user to allocate a peripheral device, such as a microphone or CD-ROM.

      By default, Oracle Solaris users can read and write to a CD-ROM. However, in Trusted Extensions, only users who can allocate a device can access the CD-ROM drive. To allocate the drive for use requires authorization. Therefore, to read and write to a CD-ROM in Trusted Extensions, a user needs the Allocate Device authorization.

    • solaris.label.file.downgrade – Authorizes a user to lower the security level of a file

    • solaris.label.file.upgrade – Authorizes a user to heighten the security level of a file.

    • solaris.label.win.downgrade – Authorizes a user to select information from a higher-level file and place that information in a lower-level file.

    • solaris.label.win.noview – Authorizes a user to move information without viewing the information that is being moved.

    • solaris.label.win.upgrade – Authorizes a user to select information from a lower-level file and place that information in a higher-level file.

    • solaris.login.remote – Authorizes a user to remotely log in.

    • solaris.print.nobanner - Authorizes a user to print hard copy without a banner page.

    • solaris.print.unlabeled – Authorizes a user to print hard copy that does not display labels.

    • solaris.system.shutdown – Authorizes a user to shut down the system and to shut down a zone.

  2. Assign the rights profile to a user or a role.

    For the step-by-step procedure, see How to Change the Security Attributes of a User in Oracle Solaris 11.1 Administration: Security Services.

How to Restrict a User's Set of Privileges

Site security might require that users be permitted fewer privileges than users are assigned by default. For example, at a site that uses Trusted Extensions on Sun Ray systems, you might want to prevent users from viewing other users' processes on the Sun Ray server.

Before You Begin

You must be in the Security Administrator role in the global zone.

See Also

For an example of collecting the privilege restrictions in a rights profile, see the examples following How to Create a Rights Profile in Oracle Solaris 11.1 Administration: Security Services.

To restrict the privileges of all users on a system, see Example 11-2.

How to Prevent Account Locking for Users

Perform this procedure for all users who can assume a role.

Before You Begin

You must be in the Security Administrator role in the global zone.

How to Enable a User to Change the Security Level of Data

A regular user or a role can be authorized to change the security level, or labels, of files and directories or of selected text. The user or role, in addition to having the authorization, must be configured to work at more than one label. And, the labeled zones must be configured to permit relabeling. For the procedure, see How to Enable Files to Be Relabeled From a Labeled Zone.


Caution

Caution - Changing the security level of data is a privileged operation. This task is for trustworthy users only.


Before You Begin

You must be in the Security Administrator role in the global zone.

Example 11-5 Enabling a User to Upgrade But Not to Downgrade a File's Label

The Object Label Management rights profile enables users to upgrade and downgrade labels. In this example, the administrator permits a trusted user to upgrade data, but not to downgrade it.

The administrator creates a rights profile that is based on the Object Label Management profile, and removes the Downgrade File Label and Downgrade DragNDrop or CutPaste Info authorizations in the new profile.

# profiles -p "Object Label Management"
profiles:Object Label Management> set name="Object Upgrade"
profiles:Object Upgrade> info auths
...
profiles:Object Upgrade> remove auths="solaris.label.file.downgrade,
solaris.label.win.downgrade"
profiles:Object Upgrade> commit
profiles:Object Upgrade> end

Then, the administrator assigns the profile to a trusted user.

# usermod -P +"Object Upgrade" jdoe

How to Delete a User Account From a Trusted Extensions System

When a user is removed from the system, you must ensure that the user's home directory and any objects that the user owns are also deleted. As an alternative to deleting objects that are owned by the user, you might change the ownership of these objects to a valid user.

You must also ensure that all batch jobs that are associated with the user are also deleted. No objects or processes belonging to a removed user can remain on the system.

Before You Begin

You must be in the System Administrator role in the global zone.

  1. Archive the user's home directory at every label.
  2. Archive the user's mail files at every label.
  3. Delete the user account.
    # userdel -r jdoe
  4. In every labeled zone, manually delete the user's directories and mail files.

    Note - You are responsible for finding and deleting the user's temporary files at all labels, such as files in /tmp directories.


    For further considerations, see User Deletion Practices.