How the Trusted Solaris Environment Implements Administration

In conventional UNIX systems, superuser (root) is all-powerful, with the ability to read and write to any file, run all programs, and send kill signals to any process. In the Trusted Solaris environment, root's capabilities are divided into separate role accounts that can be assigned to different individuals.

Roles are used mainly for security-related tasks. Roles:

Require separate authentication
Are assigned to sysadmin group 14
Are privileged NIS+ principals
Operate in special workspaces that can supply the trusted path attribute to those processes requiring them

Many administrative applications require all four conditions to run successfully.

Previous: How the Trusted Solaris Environment Enforces Access Control Policy
Next: Understanding Trusted Software Administration