The Security Adminstrator evaluates software for its ability to be trusted. As configured in the default system, the Security Administrator role can do the following:
Import and export software at multiple labels
Install software programs and CDE actions at ADMIN_LOW
in the public directories (such as /etc and /etc/dt/appconfig ) that allow use of the programs or actions by multiple users at all labels.
Determine what privileges a program requires to succeed.
Assign privileges to program files.
Assign privileges that are in effect when a command or action is executed in a trusted process.
Because applications and shell scripts, whether they are externally or internally obtained, are added to a site's rights profiles as commands, the term command in this chapter refers to applications, site-developed executable programs, and shell scripts.
See "Assigning Privileges" and the following sections, which define what it means for a program file to have privileges and for a command or action to inherit privileges.
See the Trusted Solaris Developer's Guide for how programmers can manipulate privileges.