Trusted Extensions Administrator's Procedures, Oracle Solaris 10 1/13 Information Library
In Trusted Extensions, roles are the conventional way to administer the system. Roles are created just as they are in the Oracle Solaris OS, and most tasks are performed by roles. Typically, superuser is not used: the root user does not perform administrative tasks.
The following roles are typical of a Trusted Extensions site:
root role – Created by the initial setup team
Security Administrator role – Created during or after initial configuration by the initial setup team
System Administrator role – Created by the Security Administrator role
As in the Oracle Solaris OS, you might also create a Primary Administrator role, an Operator role, and so on. With the exception of the root role, the roles that you create can be administered in a naming service.
As in the Oracle Solaris OS, only users who have been assigned a role can assume that role. In Solaris Trusted Extensions (CDE), you can assume a role from a desktop menu called the Trusted Path menu. In Solaris Trusted Extensions (JDS), you can assume a role when your user name is displayed in the Trusted Stripe. The role choices appear when you click your user name.
To administer Trusted Extensions, you create roles that divide system and security functions. The initial setup team created the Security Administrator role during configuration. For details, see Create the Security Administrator Role in Trusted Extensions in Trusted Extensions Configuration Guide.
The process of creating a role in Trusted Extensions is identical to the Oracle Solaris OS process. As described in Chapter 2, Trusted Extensions Administration Tools, the Solaris Management Console is the GUI for managing roles in Trusted Extensions.
For an overview of role creation, see Chapter 10, Role-Based Access Control (Reference), in System Administration Guide: Security Services and Using RBAC (Task Map) in System Administration Guide: Security Services.
To create a powerful role that is equivalent to superuser, see Creating the Primary Administrator Role in Oracle Solaris Administration: Basic Administration. At sites that use Trusted Extensions, the Primary Administrator role might violate security policy. Such sites would instead turn root into a role and create a Security Administrator role.
To create the root role, see How to Make root User Into a Role in System Administration Guide: Security Services.
To create roles by using the Solaris Management Console, see How to Create and Assign a Role by Using the GUI in System Administration Guide: Security Services.
Unlike the Oracle Solaris OS, Trusted Extensions provides an Assume Rolename Role menu item in the Trusted Path menu. After the role password is confirmed, the software activates a role workspace that has the trusted path attribute. Role workspaces are administrative workspaces, and they are in the global zone.
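The following added example, which is not part of the Oracle documentation, checks the two conditions described above: that root has been made a role, and which users are assigned each role. It assumes role data is kept in a local file in user_attr(4) format (roles held in a naming service are not covered); the function names and the sample entries are constructed for illustration.

```python
# Added example: offline audit of role assignments in user_attr(4) text.
# Constructed sample data, not taken from a real system.
SAMPLE_USER_ATTR = """\
root::::type=role;auths=solaris.*;profiles=All
secadmin::::type=role;profiles=Information Security
sysadmin::::type=role;profiles=System Administrator
install1::::type=normal;roles=root,secadmin
jdoe::::type=normal;roles=sysadmin,oper
"""


def parse_user_attr(text):
    """Map each name to its attr dict (user:qualifier:res1:res2:attr)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)
        if len(fields) != 5:
            continue  # skip malformed lines
        pairs = (kv.split("=", 1) for kv in fields[4].split(";") if "=" in kv)
        entries[fields[0]] = dict(pairs)
    return entries


def audit_roles(text):
    """Return (assignees per role, list of findings)."""
    entries = parse_user_attr(text)

    def is_role(name):
        return entries.get(name, {}).get("type") == "role"

    assignees = {name: [] for name in entries if is_role(name)}
    findings = []
    if not is_role("root"):
        findings.append("root is not defined as a role")
    for name, attrs in entries.items():
        for role in filter(None, attrs.get("roles", "").split(",")):
            if is_role(role):
                assignees[role].append(name)
            else:
                findings.append(f"{name} is assigned '{role}', which is not a role")
    findings += [f"role {r} has no assigned user" for r, u in assignees.items() if not u]
    return assignees, findings


if __name__ == "__main__":
    print(audit_roles(SAMPLE_USER_ATTR))
```

Run it against a copy of the file rather than the live system, and review any finding against the site's security policy before changing assignments.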