How to Verify That the Trusted Extensions Roles Work - Trusted Extensions Configuration and Administration

Trusted Extensions Configuration and Administration

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Trusted Extensions Configuration and ... » Initial Configuration of Trusted Extensions » Configuring Trusted Extensions » Creating Roles and Users in Trusted Extensions » How to Verify That the Trusted Extensions ...

Updated: July 2014

Trusted Extensions Configuration and Administration

Document Information

Using This Documentation

Part I Initial Configuration of Trusted Extensions

Chapter 1 Security Planning for Trusted Extensions

What's New in Trusted Extensions in Oracle Solaris 11.2

Planning for Security in Trusted Extensions

Results of Enabling Trusted Extensions From an Administrator's Perspective

Chapter 2 Configuration Roadmap for Trusted Extensions

Task Map: Preparing for and Enabling Trusted Extensions

Task Map: Choosing a Trusted Extensions Configuration

Task Map: Configuring Trusted Extensions With the Provided Defaults

Task Map: Configuring Trusted Extensions to Meet Your Site's Requirements

Chapter 3 Adding the Trusted Extensions Feature to Oracle Solaris

Initial Setup Team Responsibilities

Resolving Security Issues Before Installing Trusted Extensions

Installing and Enabling Trusted Extensions

Chapter 4 Configuring Trusted Extensions

Setting Up the Global Zone in Trusted Extensions

How to Check and Install Your Label Encodings File

How to Configure an IPv6 CIPSO Network in Trusted Extensions

How to Configure a Different Domain of Interpretation

Creating Labeled Zones

How to Create a Default Trusted Extensions System

How to Create Labeled Zones Interactively

How to Assign Labels to Two Zone Workspaces

How to Create Labeled Zones by Using the zonecfg Command

Configuring the Network Interfaces in Trusted Extensions

How to Share a Single IP Address With All Zones

How to Add an IP Instance to a Labeled Zone

How to Add a Virtual Network Interface to a Labeled Zone

How to Connect a Trusted Extensions System to Other Trusted Extensions Systems

How to Configure a Separate Name Service for Each Labeled Zone

Creating Roles and Users in Trusted Extensions

How to Create the Security Administrator Role in Trusted Extensions

How to Create a System Administrator Role

How to Create Users Who Can Assume Roles in Trusted Extensions

How to Verify That the Trusted Extensions Roles Work

How to Enable Users to Log In to a Labeled Zone

Creating Centralized Home Directories in Trusted Extensions

How to Create the Home Directory Server in Trusted Extensions

How to Enable Users to Access Their Remote Home Directories at Every Label by Logging In to Each NFS Server

How to Enable Users to Access Their Remote Home Directories by Configuring the Automounter on Each Server

Troubleshooting Your Trusted Extensions Configuration

How to Move Desktop Panels to the Bottom of the Screen

Additional Trusted Extensions Configuration Tasks

How to Create a Secondary Labeled Zone

How to Create and Share a Multilevel Dataset

How to Copy Files to Portable Media in Trusted Extensions

How to Copy Files From Portable Media in Trusted Extensions

How to Remove Trusted Extensions From the System

Chapter 5 Configuring LDAP for Trusted Extensions

Configuring LDAP on a Trusted Extensions Network

Configuring an LDAP Proxy Server on a Trusted Extensions System

Configuring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System

Creating a Trusted Extensions Proxy for an Existing Oracle Directory Server Enterprise Edition

Creating a Trusted Extensions LDAP Client

Part II Administration of Trusted Extensions

Appendix A Site Security Policy

Appendix B Configuration Checklist for Trusted Extensions

Appendix C Quick Reference to Trusted Extensions Administration

Appendix D List of Trusted Extensions Man Pages

Language:

How to Verify That the Trusted Extensions Roles Work

To verify each role, assume the role. Then, perform tasks that only that role can perform and attempt tasks that the role is not permitted to perform.

Before You Begin

If you have configured DNS or routing, you must reboot after you create the roles and before you verify that the roles work.

For each role, log in as a user who can assume the role.
Assume the role.
- On a system that is not running a multilevel desktop, open a terminal window.
  1. Switch to the role.
```
% su - rolename
```
  2. Verify that the PRIV_PFEXEC flag is in effect.
```
# ppriv $$
...
flags = PRIV_PFEXEC
...
```
- On a multilevel desktop, assume the role.
  In the following trusted stripe, the user name is tester.
  1. Click your user name in the trusted stripe.
  2. From the list of roles that are assigned to you, select a role.
Test the role.
For the authorizations that are required to change user properties, see the passwd(1) man page.
- The System Administrator role should be able to create a user and modify user properties that require the solaris.user.manage authorization, such as the user's login shell. The System Administrator role should not be able to change user properties that require the solaris.account.setpolicy authorization.
- The Security Administrator role should be able to change user properties that require the solaris.account.setpolicy authorization. The Security Administrator should not be able to create a user or change a user's login shell.

Copyright © 1992, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices