Installing the SunScreen Software
The SunScreen software is installed by an administrative role. The admin role as described in the Trusted Solaris documentation can be used, or any role, that has the Software Installation rights.
The Screen's and Administration Station's software is installed by admin user.
To Install the Software on the Screen
-
Assume the admin role.
-
From the front panel, choose Allocate Device, then select and mount the CD-ROM device and wait for the File Manager to appear.
Note -If the File Manager does not appear presently after allocating and mounting the CD-ROM, start the File Manager manually and select the /cdrom/cdrom0 directory.
-
In the File Manager, select View Hidden Objects from the View menu.
-
Double click on .install.
-
Double click on install.class.
The rest of the installation steps are the same as a regular SunScreen installation. Refer to the appropriate chapter in this book for further instructions on your particular installation.
To Install the Software on the Administration Station
-
Assume the admin role.
-
From the front panel, choose Allocate Device, then select and mount the CD-ROM device and wait for the File Manager to appear.
-
In the File Manager, select View Hidden Objects from the View menu.
-
Double click on .install.
-
Double click on install.class.
The rest of the installation steps are the same as a regular remote SunScreen installation. Refer to the appropriate chapter in this book for further instruction on your particular installation.
Note -
If you choose to install the SunScreen software on an Administration Station manually, after adding the sunscreen role, run the /usr/lib/sunscreen/lib/ts_setup command as the sunscreen role.
For a more detailed explanation of trusted networking, see the following URL by typing: .
http://www.sun.com/software/solaris/trustedsolaris/trustedsolaris.html |
To Add the sunscreen Role
Note -
You must create the sunscreen role to administer SunScreen (see "Assuming a Role and Working in a Role Workspace" in Trusted Solaris Administrator's Procedures.
-
Create a role named sunscreen using the Solaris Management Console as described in the Trusted Solaris documentation.
You can choose any UID and any GID, but you must assign the following rights:
-
SunScreen -- This is the list of commands needed to administer SunScreen.
-
Outside Accred -- This is the authorization needed to work at an administrative label.
Note -By default, Trusted Solaris assigns the Basic Solaris User rights to all users. If you have modified your policy.conf file to exclude this right, you can either add this right manually to the sunscreen role or assign the Basic Commands and Basic Actions rights to the sunscreen role. This allows the sunscreen role to perform normal command line operations with no additional privilege.
If you choose to allow the sunscreen role to allocate devices, you must assign Convenient Authorizations rights to the role.
The sunscreen role must have a minimum label of ADMIN_LOW. The clearance can be assigned to ADMIN_HIGH, although this is not required.
For example, the sunscreen role is assigned a UID of 121, if not already in use, and a GID of 10. The SunScreen and Outside Accred rights are assigned to the role, and the minimum label is set to ADMIN_LOW. Make certain to assign a password.
-
Assign the sunscreen role to the user or users who administer SunScreen.
- © 2010, Oracle Corporation and/or its affiliates