Go to main content

Oracle® Advanced Support Gateway Security Guide

Exit Print View

Updated: September 2024
 
 

Solaris 10 Initial Setup User RBAC Profile

Solaris 10 RBAC configuration is controlled through files located in the /etc/security directory. Append the following lines to the exec_attr file:

ACSSINITIAL:solaris:cmd:::<Service EM
Base>/agent_home/core/<version>/root.sh:uid=0
ACSSINITIAL:solaris:cmd:::<Service EM
Base>/agent_home/agent_<version>/<version>/root.sh:uid=0
ACSSINITIAL:solaris:cmd:::/opt/ipmitool/bin/ipmitool:uid=0
ACSSINITIAL:solaris:cmd:::/opt/ipmitool/sbin/ipmitool:uid=0
ACSSINITIAL:solaris:cmd:::/usr/bin/chmod:uid=0
ACSSINITIAL:solaris:cmd:::/usr/bin/chown:uid=0
ACSSINITIAL:solaris:cmd:::/usr/bin/chgrp:uid=0
ACSSINITIAL:solaris:cmd:::/usr/bin/crontab:uid=0
ACSSINITIAL:solaris:cmd:::/usr/bin/cp:uid=0
ACSSINITIAL:solaris:cmd:::/usr/bin/ex:uid=0
ACSSINITIAL:solaris:cmd:::/usr/bin/vim:uid=0
ACSSINITIAL:solaris:cmd:::/usr/bin/grep:uid=0
ACSSINITIAL:solaris:cmd:::/usr/sbin/groupadd:uid=0
ACSSINITIAL:solaris:cmd:::/usr/bin/ls:uid=0
ACSSINITIAL:solaris:cmd:::/usr/bin/mkdir:uid=0
ACSSINITIAL:solaris:cmd:::/usr/bin/rmdir:uid=0
ACSSINITIAL:solaris:cmd:::/usr/bin/passwd:uid=0
ACSSINITIAL:solaris:cmd:::/usr/sbin/svcadm:uid=0
ACSSINITIAL:solaris:cmd:::/usr/sbin/useradd:uid=0
ACSSINITIAL:solaris:cmd:::/usr/sbin/usermod:uid=0
ACSSINITIAL:solaris:cmd:::/usr/bin/tfactl:uid=0

If Oracle Enterprise Manager (OEM) agents are installed on an Exalogic, an NFS mount is configured by Oracle, and the user must also have the following command added to the profile:

ACSSINITIAL:solaris:cmd:::/sbin/mount:uid=0

Append the following line to the prof_attr file:

ACSSINITIAL:::Oracle Install Profile:

Once these entries have been added, update the user that will be used for the initial installation to allow access to the profile:

usermod -P ACSSINITIAL <user>