test

Trusted Solaris 7 Installation and Configuration on the Sun Enterprise 10000

Installing from a CDROM

To install the Trusted Solaris version of SSP 3.1.1 shipped on the Trusted Solaris Supplemental CD, you need to set up the CDROM. The following set of procedures properly allocates and mounts the CDROM for installing the Trusted Solaris SSP 3.1.1 software.

Prepare the CDROM Device

  1. Log in as a user on the SSP that can assume the root and secadmin roles. Assume the root role.

  2. In the root role, at label admin_low, use the Device Allocation Manager to allocate the CDROM drive, but do not mount it.

    Do not try to use the Volume Manager; it is disabled in the Trusted Solaris environment.

    1. Click the triangle above the Style Manager on the Front Panel to display the Trusted Desktop subpanel. Click Device Allocation.

    2. Double-click the CDROM device to move it to the Allocated Devices list.

    3. Write down the device name for the CDROM drive as indicated in the "Insert disk into..." message in the Device Allocation window.

      For example, if the message reads: 

      Insert disk into /dev/dsk/c0t2d0s0.
      Make sure disk is labeled ADMIN_LOW [ADMIN_LOW].
      Press RETURN when cdrom_0 is ready, or ^C to cancel.
      then write down the device name, /dev/dsk/c0t2d0s0, before continuing.

    4. Insert the Trusted Solaris Supplemental CD into the CDROM drive and press the Return key.

    5. Answer n to the Do you want cdrom_0 mounted: (y/n)? n question.

      Note -

      This differs from the instructions in Trusted Solaris Installation and Configuration. Follow these instructions: do not mount the CDROM.

  3. In the root role, at label admin_low, make sure that /cdrom/root exists.

    If it does not, create it:


    ssp# mkdir -p /cdrom/root

  4. Mount the CDROM with all allowed and forced privileges.

    ssp# mount -F hsfs -o ro -S "allowed=all;forced=all" cdrom_device /cdrom/root

    For example, for the CDROM on device /dev/dsk/c0t2d0s0, type:


    ssp# mount -F hsfs -o ro -S "allowed=all;forced=all" \
 /dev/dsk/c0t2d0s0 /cdrom/root

  5. Check that the mount succeeded with the df(1M) command:


    ssp# df -k grep | cdrom
/dev/dsk/c0t2d0s0  544100 544100  0  100%  /cdrom/root
Add the /cdrom/root/Tools/ssp_install Command to the Custom Root Role Profile

This procedure requires that the CDROM has been mounted as described in "Prepare the CDROM Device".

  1. Assume the secadmin role. At label admin_low, open the Profile Manager application.

  2. In the Profile Manager: Load window, select none for Name Service then click the OK button.

  3. In the Profile Manager: Open window select Custom Root Role then click the Modify button.

  4. In the Profile Manager main window, select View from the menu bar then select Commands from the submenu.

  5. Enter /cdrom/root/Tools in the Pathname: box, then click the Add button next to it.

    You should see /cdrom/root/Tools added to the Exclude list.

  6. Click on /cdrom/root/Tools in the Exclude list.

    It expands to display all the commands available in the /cdrom/root/Tools directory.

  7. Select command ssp_install and add it to the Include list.

  8. Click on the Privileges... button and select ALL privileges for the ssp_install command.

  9. Select Profiles from the Profile Manager main window menu bar then select Save Profile from the submenu to save the Custom Root Role profile.

    For more details on adding commands to role's profile, see "To Add a Command to a Role's Profile" section in Trusted Solaris Installation and Configuration.

Check the tsolprof Setting in the nsswitch.conf File

  1. Assume the root role. In the root role, make sure that the tsolprof entry in the /etc/nsswitch.conf file has files as its first value:


    tsolprof: files nisplus
Assume the root Role with the New Profile

  1. Go to the workspace of the user who can assume the root role.

  2. Delete the root role workspace.

  3. Assume the root role again.

    This action re-reads the root role's profiles. The Custom Root Role profile with your changes is now in effect.

  4. In the root role, at label admin_low, issue the clist(1M) command to verify that the command /cdrom/root/Tools/ssp_install is available.


    ssp# clist -p | grep /cdrom/root/Tools/ssp_install
/cdrom/root/Tools/ssp_install: all

    The list should indicate all, which means all privileges.