Devise an Administration Strategy.
In place of superuser, the Trusted Solaris environment provides three trusted administrative roles for managing the environment:
-
The security administrator is responsible for security-related tasks, such as setting up and assigning sensitivity labels, configuring auditing, and setting password policy.
-
The system administrator is responsible for the non-security aspects of setup, maintenance, and general administration.
-
The root role is mainly responsible for installing application software after the initial Trusted Solaris installation, in contrast to root's broader responsibilities in traditional UNIX environments.
There is also a less trusted role called "oper" for operator, that is responsible for backing up files. Since the environment is configurable, you can use these default roles, modify them, or create your own roles according to your security needs.
As part of your administration strategy, you need to decide:
-
Which users will be handling which administration responsibilities.
-
Which non-administrative users will be allowed to run trusted applications, that is, will be permitted to override security policy when necessary.
-
Which users will have access to which groups of data.
- © 2010, Oracle Corporation and/or its affiliates