Add Administrative Roles to Three /etc Files

When you operate locally, the Trusted Solaris administrative roles must have their names and passwords in the appropriate /etc files. There are three files to modify: passwd, shadow, and tsoluser.

1. Save the original files by copying them to *.orig.

   # cd /etc # cp -p passwd passwd.orig # cp -p shadow shadow.orig # # cd /etc/security/tsol # # cp -p tsoluser tsoluser.orig

2. Add the contents of each *.roles file to its corresponding /etc file.

   1. Using the Admin Editor, open the file /etc/passwd and go to the end of the file.

   2. Read in the file /etc/passwd.roles (the Admin Editor command is :r filename).

   3. Write and exit the file /etc/passwd.

      The passwd file now contains its original text and the text of the file passwd.roles.

   4. To verify, grep for the role secadmin in a profile shell.

      # cd /etc # grep secadmin passwd secadmin:x:101:14:Security Admin:/etc/security/tsol/home/secadmin:/usr/bin/pfsh

   5. Repeat the above steps for /etc/shadow and shadow.roles, and for /etc/security/tsol/tsoluser and tsoluser.roles. To write out an edited shadow file, you must use the Admin Editor command :wq!, since the file is write-protected.

      ---

      Caution -

      The Trusted Solaris roles must be in the local passwd, shadow, and tsoluser files for the Trusted Solaris environment to work. Do not (further) edit the files tsolprof, tsoluser, passwd, or shadow. After booting, you will modify these using the Solstice_Apps tools, User Manager and Profile Manager.

      ---

3. Modify other /etc files as necessary.