Trusted Solaris Installation and Configuration

To Create a Role


Note -

In previous releases, roles were local. In Trusted Solaris 8, roles (other than root) can be distributed, and are created by the install team. Profiles are hierarchical, so each role can be assigned a profile that includes other profiles.


  1. In the root role, at label ADMIN_LOW, invoke the Solaris Management Console action from the Application Manager.

    See "To Initialize the SMC Server" if you are unsure of how to start the SMC server.

  2. Select the appropriate toolbox.

    See "To Select a Toolbox of the Appropriate Scope" for assistance.

  3. Click Trusted Solaris Configuration, then double-click Users.

  4. Enter the role password at the prompt.

  5. Double-click Administrativ... (Administrative Roles).


    Note -

    If toolbox icons display as red stop signs, the toolboxes will not load. To load them, do Step 4.


  6. Choose Add Administrative Role from the Action menu.

    The Add Administrative Role wizard prompts you for all values that are required for a role to work well. Any field that the wizard does not prompt for is set to its default value. If you want to view or modify all fields of a role, double-click the role after creating it.

  7. Create the secadmin role to be the security administrator. Use the following table when creating the role.

    The secadmin password, like all passwords, should be difficult to guess. This reduces the chance that an attacker gains unauthorized access by guessing passwords.


    Note -

    For all administrative roles, make the account Always Available and do not set password expiration dates.


    Table 3-2 secadmin Values in Add Role Dialog

    | Tab | Role Field | (Recommended) Value |
    |---|---|---|
    | Role Name | Role name | secadmin |
    | | Full Name | Security Administrator |
    | | Description | No proprietary info here. |
    | | Role ID Number | >=100 |
    | | Role shell | Administrator's Bourne (profile shell) |
    | | Create a role mailing list | checked |
    | Password | Password and confirm | Assign a password of at least 6 alphanumeric characters. |
    | Rights | Available and Granted | Information Security, Rights Security |
    | Home Directory | Server | home directory server |
    | | Path | /mount_path |
    | Assign Users | Add and Delete | This will be automatically filled in when you assign a role to a user. |

  8. After creating the role, select it and double-click it to modify it using information from the following table as a guide.

    Table 3-3 secadmin Values in Properties/Modify Dialog

    | Tab | Role Field | (Recommended) Value |
    |---|---|---|
    | Password | Set password by Type in or Choose from list | (Set in Table 3-2.) |
    | | Update password by Choose from list or Type in | |
    | Group | Available Groups | |
    | Trusted Solaris Attributes | Minimum Label: Edit | Default value is correct. |
    | | Clearance: Edit | Default value is correct. |
    | | View: External or Internal | The default value is External. |
    | | Label: Show or Hide | If your site is a no-label site, choose Hide. |
    | | Lock account ... | Default value, No, is correct. |
    | Audit | Excluded and Included | Set flags per site security policy |

  9. Using the preceding tables as a guide, create the following roles with unique IDs:

    | Role Name | Granted Rights |
    |---|---|
    | admin | System Administrator |
    | primaryadmin | Primary Administrator |
    | oper | Operator |


    Caution -

    You must create the administrative roles before you create the users, since you will assign a role to each user.


  10. Return to the procedure and chapter you are working from.
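
A check to run once the roles exist, as an added example that is not part of the original guide: it audits account data against the role names, granted rights, and ID rules from Steps 7 and 9. It assumes the role entries have been exported as text in passwd(4) and user_attr(4) format; the function names and sample lines are constructed for illustration.

```python
from collections import Counter

# Rights this procedure grants to each role (Table 3-2 and Step 9).
EXPECTED = {"secadmin": {"Information Security", "Rights Security"},
            "admin": {"System Administrator"}, "oper": {"Operator"},
            "primaryadmin": {"Primary Administrator"}}

def parse_user_attr(text):
    """Map name -> attribute dict from name:qualifier:res1:res2:attr lines."""
    entries = {}
    for line in text.splitlines():
        fields = line.strip().split(":", 4)
        if line.lstrip().startswith("#") or len(fields) != 5:
            continue
        pairs = (kv.split("=", 1) for kv in fields[4].split(";") if "=" in kv)
        entries[fields[0]] = dict(pairs)
    return entries

def parse_ids(text):
    """Map account name -> numeric ID from passwd(4) lines."""
    rows = (line.split(":") for line in text.splitlines())
    return {f[0]: int(f[2]) for f in rows if len(f) >= 3 and f[2].isdigit()}

def audit_roles(passwd_text, user_attr_text):
    """Return a list of findings; an empty list means every role checks out."""
    attrs, ids = parse_user_attr(user_attr_text), parse_ids(passwd_text)
    id_counts = Counter(ids.values())
    findings = []
    for role, rights in sorted(EXPECTED.items()):
        entry = attrs.get(role, {})
        if entry.get("type") != "role":
            findings.append(f"{role}: no type=role entry")
            continue
        granted = {p.strip() for p in entry.get("profiles", "").split(",")}
        for right in sorted(rights - granted):
            findings.append(f"{role}: right not granted: {right}")
        if ids.get(role, 0) < 100:
            findings.append(f"{role}: role ID missing or below 100")
        elif id_counts[ids[role]] > 1:
            findings.append(f"{role}: role ID {ids[role]} is not unique")
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE_PASSWD = ("secadmin:x:100:14::/home/secadmin:/bin/pfsh\n"
                 "admin:x:101:14::/home/admin:/bin/pfsh\n"
                 "primaryadmin:x:101:14::/home/primaryadmin:/bin/pfsh\n")
SAMPLE_USER_ATTR = ("secadmin::::type=role;profiles=Information Security\n"
                    "admin::::type=role;profiles=System Administrator\n"
                    "primaryadmin::::type=role;profiles=Primary Administrator\n")
```

The audit compares only the profiles listed directly on each role entry; it does not expand profiles that include other profiles.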