How to Control Access to All Domain Consoles by Using Rights Profiles

Language:

Restrict access to a domain console by enabling console authorization checking.

primary# svccfg -s vntsd setprop vntsd/authorization = true
primary# svcadm refresh vntsd
primary# svcadm restart vntsd

Create a rights profile with the solaris.vntsd.consoles authorization.
Use the profiles command to create a new profile.
```
primary# profiles -p "LDoms Consoles" \
'set desc="Access LDoms Consoles"; set auths=solaris.vntsd.consoles'
```

Assign the rights profile to a user.

primary# usermod -P +"LDoms Consoles" username

Connect to the domain console as the user.
```
$ telnet localhost 5000
```

Example 3 Controlling Access to All Domain Consoles by Using Rights Profiles

The following example shows how to use rights profiles to control access to all domain consoles. Use the profiles command to create a rights profile with the solaris.vntsd.consoles authorization in the rights profile description database.

primary# profiles -p "LDoms Consoles" \
'set desc="Access LDoms Consoles"; set auths=solaris.vntsd.consoles'

Assign the rights profile to a user.

primary# usermod -P +"LDoms Consoles" sam

The following commands show how to verify that the user is sam and that the All, Basic Solaris User, and LDoms Consoles rights profiles are in effect. The telnet command shows how to access the ldg1 domain console.

$ id
uid=702048(sam) gid=1(other)
$ profiles
All
Basic Solaris User
LDoms Consoles
$ telnet localhost 5000
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.

Connecting to console "ldg1" in group "ldg1" ....
Press ~? for control options ..