| | | |
A |
|
| access |
| | administrator responsibilities ( ) |
| | to devices ( ) |
| | to printers ( ) |
|
| access policy, devices ( ) |
|
| accounts |
| | assigning labels ( ) |
| | assigning passwords ( ) |
| | assigning rights ( ) |
| | assigning roles ( ) |
| | assigning shells ( ) |
| | deletion precautions ( ) |
| | planning ( ) |
| | security precautions ( ) |
| | startup files ( ) ( ) |
|
| accreditation checks ( ) ( ) |
|
| actions |
| | adding new ( ) ( ) |
| | adding outside the System_Admin folder ( ) |
| | restricted by account profiles ( ) |
| | using ( ) |
|
| add_allocatable command ( ) |
|
| Add to NIS+ Administrative Group action ( ) ( ) ( ) |
|
| Admin Editor, using ( ) |
|
| ADMIN_LOW label |
| | installing software ( ) |
| | mail ( ) |
| | protecting administrative files ( ) |
| | role workspace ( ) |
|
| administrative actions |
| | Add to NIS+ Administrative Group ( ) ( ) ( ) |
| | adding ( ) |
| | Admin Editor ( ) |
| | available in Rights tool ( ) |
| | creating ( ) ( ) ( ) |
| | in System_Admin folder ( ) |
| | launching remotely ( ) |
| | Name Service Switch ( ) |
| | name services ( ) |
| | Set Mail Options ( ) |
| | trusted ( ) |
| | using ( ) |
|
| administrative roles |
| | adding a name service client ( ) |
| | administering NIS+ ( ) |
| | administering remotely ( ) |
| | assuming ( ) ( ) |
| | changing workspace label ( ) |
| | described ( ) |
| | exiting ( ) |
| | launching the Printer Administrator ( ) |
| | logging in remotely ( ) |
| | remote role assumption ( ) |
| | saving and restoring name service databases ( ) |
| | workspaces ( ) |
|
| Administrative Roles tool, using ( ) |
|
| administrative tools, See Solaris Management Console ( ) |
|
| adminvi command, aliasing vi ( ) |
|
| allocate command, described ( ) |
|
| allocate error state |
| | caused by failure of eject ( ) |
| | defined ( ) |
| | procedure for correcting ( ) |
|
| Application Manager, as trusted process ( ) |
|
| applications |
| | assigning forced privileges ( ) |
| | evaluating for security ( ) |
|
| at.allow file ( ) |
|
| at command, administrative differences ( ) |
|
| at jobs, running privileged commands ( ) |
|
| atohexlabel command ( ) |
|
| atq command ( ) |
|
| atrm command ( ) |
|
| attr_mac_policy ( ) |
|
| audio coprocessor ( ) |
|
| AUDIO_DRAIN ioctl, run by device_clean ( ) |
|
| AUDIO_SETINFO ioctl, resetting device to default ( ) |
|
| AUDIOGETREG ioctl, run by device_clean ( ) |
|
| auth_name file ( ) |
|
| authorizations |
| | adding ( ) |
| | adding to software ( ) |
| | Allocate Device ( ) ( ) ( ) |
| | device-related ( ) |
| | device-related procedures ( ) |
| | Edit Owned Jobs ( ) ( ) |
| | for device administration ( ) |
| | for devices ( ) |
| | Manage All Jobs ( ) ( ) |
| | | |
D |
|
| DAC |
| | device files ( ) |
| | policy for devices ( ) |
|
| deallocate command ( ) |
|
| default shells, assigning to accounts ( ) |
|
| /dev/kmem kernel image file, security violation ( ) |
|
| developers responsibilities ( ) |
|
| device_allocate file ( ) |
|
| Device Allocation Manager |
| | administering devices ( ) |
| | allocating and administering devices ( ) |
| | allocating devices ( ) |
|
| device_clean command ( ) |
|
| device_clean scripts |
| | for tape devices ( ) |
| | modifying ( ) |
| | procedure for adding devices ( ) |
| | review ( ) |
|
| device_maps file ( ) |
|
| device policy, setting ( ) |
|
| device_policy file ( ) |
|
| device special files, access policy ( ) |
|
| devices |
| | access policy ( ) ( ) |
| | accessing ( ) |
| | adding ( ) |
| | adding device_clean script ( ) |
| | adding site-specific authorizations ( ) |
| | administering ( ) ( ) |
| | authorizations ( ) |
| | configuring serial line ( ) |
| | modifying policy ( ) |
| | non-allocatable |
| | | setting the label range ( ) |
| | policy defaults ( ) |
| | reclaiming ( ) |
| | setting policy ( ) |
| | setting up audio ( ) |
|
| directories |
| | changing flags ( ) |
| | changing labels and privileges ( ) |
| | security attributes ( ) ( ) |
| | sharing ( ) |
| | upgraded ( ) |
|
| dminfo command, reporting entry in the device_maps ( ) |
|
| dtsession command, running updatehome ( ) |
|
| dtterm terminal |
| | forcing the sourcing of .profile ( ) ( ) |
|
| dtwm command ( ) |
| | | |
E |
|
| Edit Owned Jobs authorization ( ) ( ) |
|
| editing privileged executables ( ) |
|
| email |
| | managing ( ) ( ) |
| | options ( ) |
| | switching mail tools ( ) ( ) |
| | troubleshooting ( ) |
|
| emetric, described ( ) |
|
| emetrics, using in routing ( ) |
|
| /etc/cron.d/CRON, cron lock file ( ) |
|
| /etc/cron.d/cron.admin file, creating ( ) |
|
| /etc/default/login file, specifying RETRIES ( ) |
|
| /etc/init.d directory, RMTMPFILES script ( ) |
|
| /etc/init.d scripts, Trusted Solaris modifications ( ) |
|
| /etc/nologin file, disabling logins ( ) |
|
| /etc/skel directory ( ) |
|
| exec system call, inheriting privileges across ( ) |
|
| executable files |
| | assigning forced privileges ( ) |
| | editing while preserving privileges ( ) |
|
| exporting software ( ) |
| | | |
F |
|
| failsafe session, recovering from startup file errors ( ) |
|
| fallback mechanism, creating ( ) |
|
| FDFS, mounting ( ) |
|
| file_mac_write privilege, resulting in a file's dominating its directory's SL ( ) |
|
| File Manager |
| | as trusted process ( ) |
| | changing security attributes ( ) |
| | Privileges dialog box ( ) |
|
| file systems |
| | cachefs type ( ) |
| | changing security attributes using mount ( ) |
| | changing security attributes using newsecfs ( ) |
| | changing security attributes using setfsattr command ( ) |
| | changing security attributes using vfstab file ( ) |
| | fdfs type ( ) |
| | hsfs type ( ) |
| | lofs type ( ) |
| | managing ( ) |
| | nfs type ( ) |
| | pcfs type ( ) |
| | security attributes ( ) ( ) |
| | sharing ( ) |
| | single label ( ) |
| | table of supported types, examples, notes ( ) |
| | tmpfs type ( ) |
|
| file_upgrade_sl privilege, resulting in upgraded names ( ) |
|
| files |
| | backing up ( ) |
| | changing flags ( ) |
| | changing labels ( ) |
| | changing privileges ( ) |
| | managing ( ) |
| | procedure for changing labels and privileges ( ) |
| | restoring ( ) |
| | upgraded ( ) |
|
| floppy disk devices |
| | accessing ( ) |
| | device_clean script ( ) |
|
| forced privileges, assigning ( ) |
|
| fork system call, inheriting privileges across ( ) |
|
| Front Panel |
| | as trusted process ( ) |
| | Device Allocation Manager ( ) |
| | | |
I |
|
| icons |
| | visibility |
| | | in the File Manager ( ) |
| | | in the Workspace Menu ( ) |
|
| identification and authentication |
| | before assuming a role ( ) ( ) |
|
| IMAP server, adding to NIS+ admin group ( ) |
|
| inheritable privileges ( ) |
|
| init.d directory, RMTMPFILES script ( ) |
|
| initialization files, Trusted Solaris differences ( ) |
|
| Interface Manager tool, using ( ) |
|
| internationalization, changing printer output ( ) |
|
| IP Options, using for trusted routing ( ) |
| | | |
L |
|
| label_encodings file |
| | procedures |
| | | printing without banners and trailers ( ) |
|
| label ranges |
| | receiving mail outside of ( ) |
| | setting on individual computers ( ) |
| | setting on printers ( ) |
|
| labels |
| | changing on files and directories ( ) |
| | seeing on directories ( ) |
|
| libt6 library ( ) |
|
| .link_files file |
| | using ( ) |
| | example ( ) |
| | setting up for users ( ) |
|
| links - symbolic, MAC attributes ( ) |
|
| list_devices command ( ) |
|
| local.login file, defining printers ( ) |
|
| LOFS, mounting ( ) |
|
| login |
| | by administrative roles ( ) ( ) |
| | configuring serial line ( ) |
| | maximum allowed number of failures ( ) |
| | opening an account closed by too many failed logins ( ) |
| | preventing being disabled after reboot ( ) |
| | setting the maximum number of failures ( ) |
|
| .login file |
| | setting up for users ( ) ( ) |
|
| login sequence ( ) |
|
| login shells, assigning to roles ( ) |
| | | |
M |
|
| MAC |
| | cautions about override privileges ( ) |
| | incoming packets |
| | | packets ( ) |
| | outgoing packets ( ) |
| | policy for devices ( ) |
|
| mail |
| | adding IMAP server ( ) |
| | alternate application ( ) |
| | checking network connections ( ) |
| | creating action ( ) |
| | installing alternate mailer ( ) |
| | loss of mail icons ( ) |
| | managing ( ) ( ) |
| | modifying an alias ( ) |
| | options ( ) ( ) |
| | outside label range ( ) |
| | setting up IMAP server ( ) |
| | substituting alternate application ( ) |
| | switching mail tools ( ) ( ) |
| | troubleshooting ( ) ( ) |
| | viewing the mail queue ( ) |
|
| Mailing Lists tool, using ( ) |
|
| .mailrc file ( ) |
|
| man pages |
| | accessing all ( ) ( ) |
|
| Manage All Jobs authorization ( ) ( ) |
|
| MANPATH environment variable ( ) |
|
| MLDs |
| | listing user's home directories ( ) |
| | mounting ( ) |
| | mounting on unlabeled hosts ( ) |
| | privilege requirements ( ) |
|
| mounts |
| | managing ( ) |
| | procedure for TMPFS file systems ( ) |
| | troubleshooting ( ) |
| | | |
P |
|
| packages, accessing the CD ( ) |
|
| packets |
| | IP options ( ) |
| | IP options field ( ) |
| | outgoing |
| | | MAC rules ( ) |
| | security attributes ( ) |
|
| passwords |
| | assigning ( ) |
| | changing allowed tries ( ) |
| | role ( ) |
| | storage ( ) |
|
| PCFS, mounting ( ) |
|
| permissions, on devices ( ) |
|
| polling trusted network databases, changing ( ) |
|
| Printer Administrator, launching ( ) |
|
| printers, setting label range ( ) |
|
| printing |
| | accessing remote printer ( ) |
| | configuring attached printer ( ) |
| | configuring for labels ( ) |
| | configuring labels and text ( ) |
| | managing ( ) |
| | restricting label range ( ) |
| | using a non-Trusted Solaris server ( ) |
| | without banners and trailers ( ) |
| | without labels ( ) |
| | without page labels ( ) ( ) |
|
| priv_name file ( ) |
|
| priv_names.h file ( ) |
|
| privilege debugging, setting tsol_privs_debug ( ) |
|
| privileged commands, run by cron and at ( ) |
|
| privileged programs ( ) |
|
| privileges |
| | adding ( ) |
| | adding to software ( ) |
| | allowed ( ) |
| | assigning forced ( ) |
| | changing on files and directories ( ) |
| | debugging ( ) |
| | forced |
| | | assigning ( ) |
| | giving forced ( ) |
| | inheritable ( ) ( ) |
| | non-obvious reasons for requiring ( ) |
| | passing to child processes ( ) |
| | saving and restoring an edited executable ( ) |
|
| PROCFS, mounting ( ) |
|
| .profile file |
| | setting up for users ( ) ( ) |
|
| profile shell |
| | enabling privilege ( ) |
| | startup algorithm ( ) |
|
| profiles, assigning ( ) |
|
| programs |
| | commercial |
| | | assigning privileges to ( ) |
| | new, trusted |
| | | assigning privileges to ( ) |
| | privilege debugging ( ) |
| | trusted vs. trustworthy ( ) |
| | | |
R |
|
| rcp command, required privilege ( ) |
|
| real UID of root, required for applications ( ) |
|
| reboot, changing device_policy ( ) |
|
| remote administration, editor limitations ( ) |
|
| remote logins, enabling for roles ( ) |
|
| remote role assumption ( ) |
|
| remove_allocatable command ( ) |
|
| rights, assigning ( ) |
|
| rights profiles |
| | boot ( ) |
| | controlling the use of actions ( ) |
| | creating ( ) |
| | creating new for boot commands ( ) |
| | listing ( ) |
| | modifying ( ) |
|
| Rights tool |
| | specifying privileges for commands and actions ( ) |
| | using ( ) ( ) ( ) ( ) |
| | viewing new actions ( ) |
|
| RIPSO |
| | supported classifications ( ) |
| | use in packets ( ) |
|
| roles |
| | administrative ( ) |
| | assigning login shell ( ) |
| | creating ( ) ( ) |
| | listing ( ) |
| | managing ( ) |
| | modifying ( ) |
| | See administrative roles ( ) |
|
| root UID, required for applications ( ) |
|
| routers ( ) |
|
| routing |
| | concepts ( ) ( ) |
| | static with emetrics ( ) |
| | tables ( ) |
|
| run control scripts |
| | shell use ( ) ( ) |
|
| runpd command ( ) |
| | | |
S |
|
| /sbin/sysh shell ( ) |
|
| security administrators |
| | enforcing security ( ) |
| | modifying window configuration files ( ) |
|
| security attributes |
| | file systems ( ) ( ) |
| | modifying user defaults ( ) ( ) |
| | saving to tape ( ) |
| | setting at mount time ( ) |
| | setting for remote hosts ( ) |
| | setting on file system ( ) |
| | setting using newsecfs ( ) |
|
| Security Families tool |
| | assigning templates ( ) |
| | using ( ) |
|
| security features, identification and authentication ( ) |
|
| security mechanisms, extendable ( ) |
|
| security policy |
| | allowing a wildcard in special boot files ( ) |
| | training users ( ) ( ) ( ) |
|
| sel_config file |
| | changing defaults ( ) |
| | configuring selection transfer rules ( ) |
| | sections ( ) |
|
| sel_mgr command ( ) |
|
| sendmail command |
| | tracing mail delivery ( ) |
| | using ( ) |
|
| serial line, configuring for logins ( ) |
|
| Set Mail Options action ( ) |
|
| setfattrflag command ( ) |
|
| setfpriv command ( ) |
|
| setfsattr command ( ) |
|
| shell scripts |
| | profile ( ) |
| | Trusted Solaris behavior ( ) |
| | user and role requirements ( ) |
| | writing ( ) |
| | writing privileged ( ) |
| | writing privileged using standard shells ( ) |
|
| shells |
| | assigning to accounts ( ) |
| | assigning to roles ( ) |
| | profile ( ) ( ) |
| | profile startup algorithm ( ) |
| | standard ( ) |
| | sysh ( ) |
|
| skeleton directories |
| | defining printers ( ) |
| | use in Trusted Solaris ( ) |
|
| software |
| | exporting ( ) |
| | importing ( ) |
| | installing at ADMIN_LOW ( ) |
| | installing Java programs ( ) |
| | porting |
| | | reasons against ( ) |
| | privilege debugging ( ) |
|
| Solaris Management Console |
| | Administrative Roles tool ( ) |
| | Interface Manager tool ( ) |
| | launching ( ) |
| | Rights tool ( ) ( ) ( ) ( ) |
| | Security Families tool ( ) |
| | User Accounts tool ( ) ( ) |
|
| startup files |
| | configuring accounts ( ) ( ) |
| | .mailrc file ( ) |
| | procedures for customizing ( ) ( ) |
| | read at window system startup ( ) |
| | recovering from errors ( ) |
| | RMTMPFILES ( ) |
|
| Stop-A |
| | changing default ( ) |
| | enabling ( ) |
|
| str_type ( ) |
|
| symbolic links, MAC attributes ( ) |
|
| sysh shell ( ) |
|
| System_Admin folder, using administrative actions ( ) |
|
| system file, changing defaults ( ) |
|
| system security, violations ( ) |
|
| system shell, enabling privilege ( ) |
| | | |
T |
|
| tape devices |
| | accessing ( ) |
| | device_clean scripts ( ) |
|
| tar, saving security attributes ( ) |
|
| TMPFS |
| | mounting ( ) |
| | procedure for mounting ( ) |
|
| tnd polling interval, changing ( ) |
|
| Tools subpanel, Device Allocation Manager ( ) |
|
| troubleshooting |
| | loss of mail icons ( ) |
| | mail delivery ( ) |
| | mounts ( ) |
| | sendmail ( ) |
|
| trusted_edit script, assigning as default editor ( ) |
|
| trusted networking |
| | 0.0.0.0 tnrhdb entry ( ) |
| | fallback mechanism ( ) |
| | host types ( ) |
|
| trusted path attribute, when available ( ) |
|
| Trusted Path menu ( ) |
|
| trusted processes |
| | defined ( ) |
| | launching actions ( ) |
|
| trusted programs |
| | adding ( ) |
| | defined ( ) |
|
| trustworthy programs ( ) |
|
| tsol_hide_upgraded_names kernel switch ( ) |
|
| tsol_privs_debug kernel switch ( ) |
|
| TSOLadmin.dt file, adding an administrative action ( ) |
|
| tsolgateways file ( ) |
|
| tunnel file |
| | procedure for creating ( ) |
| | setting up tunneling ( ) |
|
| tunnelling, passing emetrics through non-TSOL hosts gateways ( ) |
| | | |
U |
|
| UFS, mounting in Trusted Solaris ( ) |
|
| UIDs, effective UID of root ( ) |
|
| UNIX domain socket, used by cron and its clients ( ) |
|
| unlabeled hosts, mounting MLDs ( ) |
|
| updatehome command ( ) |
|
| upgraded names ( ) |
|
| User Accounts tool |
| | assigning rights profiles ( ) |
| | opening an account closed by too many failed logins ( ) |
| | using ( ) ( ) |
|
| User Templates tool |
| | advantages ( ) |
| | using ( ) |
|
| users |
| | access to devices ( ) |
| | access to printers ( ) |
| | assigning authorizations ( ) |
| | assigning rights ( ) |
| | creating ( ) ( ) |
| | creating templates ( ) ( ) |
| | modifying ( ) |
| | modifying security defaults ( ) ( ) |
| | preventing account locking ( ) ( ) |
| | security training ( ) ( ) ( ) |
| | setting up skeleton directories ( ) |
| | setting up startup files ( ) ( ) |
| | tracking others' jobs ( ) ( ) |
|
| /usr/dt/appconfig/appmanager/C/System_Admin file, adding an administrative action ( ) |
|
| /usr/dt/appconfig/types/C/TSOLadmin.dt file, adding an administrative action ( ) |