Trusted Solaris Roles Replace Solaris Users

The Trusted Solaris environment does not have a superuser. Superuser tasks are divided among administrative roles. administrative roles run with a special shell, a profile shell (see the pfexec(1) man page). Roles do not directly log in; they are “assumed” by a user who is assigned the role by the security administrator. A role can only log in remotely from the same role on another Trusted Solaris workstation. For more information on roles, see “Assuming a Role and Working in a Role Workspace” in Trusted Solaris Administrator's Procedures.

Superuser (root) Versus Administrative Roles

The Solaris superuser (root) has been replaced by Trusted Solaris administrative roles, such as root and admin. For the Trusted Solaris SSP 3.3 and the Trusted Solaris AP 2.3, any commands that superuser runs in a Solaris environment are run by the admin role in a Trusted Solaris environment. The admin role runs with a profile shell (pfsh), and should not be changed to run with other shells.