The Primary Administrator rights profile is assigned to the most powerful role on the system. The role that includes the Primary Administrator rights profile has superuser capabilities.
The solaris.* authorization effectively assigns all of the authorizations that are provided by the Solaris software.
The solaris.grant authorization lets a role assign any authorization to any rights profile, role, or user.
The command assignment *:uid=0;gid=0 provides the ability to run any command with UID=0 and GID=0.
You can customize the help file RtPriAdmin.html for your site, if necessary. Help files are stored in the /usr/lib/help/profiles/locale/C directory.
Note also that if the Primary Administrator rights profile is not consistent with a site's security policy, the profile can be modified or not assigned at all. However, the security capabilities in the Primary Administrator rights profile would need to be handled in one or more other rights profiles. Those other rights profiles would then be assigned to roles.
Table 10–1 Contents of Primary Administrator Rights Profile
Purpose |
Contents |
---|---|
To perform all administrative tasks |
Commands: *:uid=0;gid=0 Authorizations: solaris.*, solaris.grant Help File: RtPriAdmin.html |