Skip Navigation Links | |
Exit Print View | |
Trusted Extensions Administrator's Procedures Oracle Solaris 10 1/13 Information Library |
1. Trusted Extensions Administration Concepts
2. Trusted Extensions Administration Tools
3. Getting Started as a Trusted Extensions Administrator (Tasks)
4. Security Requirements on a Trusted Extensions System (Overview)
5. Administering Security Requirements in Trusted Extensions (Tasks)
6. Users, Rights, and Roles in Trusted Extensions (Overview)
7. Managing Users, Rights, and Roles in Trusted Extensions (Tasks)
8. Remote Administration in Trusted Extensions (Tasks)
9. Trusted Extensions and LDAP (Overview)
10. Managing Zones in Trusted Extensions (Tasks)
11. Managing and Mounting Files in Trusted Extensions (Tasks)
12. Trusted Networking (Overview)
13. Managing Networks in Trusted Extensions (Tasks)
14. Multilevel Mail in Trusted Extensions (Overview)
15. Managing Labeled Printing (Tasks)
16. Devices in Trusted Extensions (Overview)
17. Managing Devices for Trusted Extensions (Tasks)
18. Trusted Extensions Auditing (Overview)
19. Software Management in Trusted Extensions (Tasks)
Adding Software to Trusted Extensions
Oracle Solaris Security Mechanisms for Software
Evaluating Software for Security
Developer Responsibilities When Creating Trusted Programs
Security Administrator Responsibilities for Trusted Programs
Managing Software in Trusted Extensions (Tasks)
How to Add a Software Package in Trusted Extensions
How to Install a Java Archive File in Trusted Extensions
A. Quick Reference to Trusted Extensions Administration
In Solaris Trusted Extensions (CDE), the following window system processes are trusted:
Front Panel
Subpanels of the Front Panel
Workspace Menu
File Manager
Application Manager
The window system's trusted processes are available to everyone, but access to administrative actions is restricted to roles in the global zone.
In the File Manager, if an action is not in one of the account's profiles, the icon for the action is not visible. In the Workspace Menu, if an action is not in one of the account's profiles, the action is visible, but an error displays if the action is invoked.
In Trusted CDE, the window manager, dtwm, calls the Xtsolusersession script. This script works with the window manager to invoke actions that are started from the window system. The Xtsolusersession script checks the account's rights profiles when the account attempts to launch an action. In either case, if the action is in an assigned rights profile, the action is run with the security attributes that are specified in the profile.
The process of creating and using CDE actions in Trusted Extensions is similar to the process in the Oracle Solaris OS. Adding actions is described in the Chapter 4, Adding and Administering Applications, in Solaris Common Desktop Environment: Advanced User’s and System Administrator’s Guide.
As in the Oracle Solaris OS, the use of actions can be controlled by the rights profile mechanism. In Trusted Extensions, several actions have been assigned security attributes in the rights profiles of administrative roles. The security administrator can also use the Rights tool to assign security attributes to new actions.
The following table summarizes the main differences between an Oracle Solaris system and a Trusted Extensions system when you create and use actions.
Table 19-1 Constraints on CDE Actions in Trusted Extensions
|