This procedure assigns a local role to a local user, restarts the name cache daemon, and then shows how the user can assume the role.
To assign a role to a user in a distributed name service, see How to Create a Role From the Command Line and How to Change the Properties of a Role.
You have added a local role, as described in How to Create a Role From the Command Line. You must either assume a role that includes the Primary Administrator rights profile, or switch to thh user root.
Assign the role to a local user.
If you added a local role with the roleadd command, this step is required. This step is optional when you use the smrole command and the Solaris Management Console to create a role.
# usermod -u UID -R rolename login-name |
Is the UID of the user.
Is the role that is being assigned to the user.
Is the user's login name.
To put the changes into effect, restart the name service cache daemon.
# svcadm restart system/name-service-cache |
If you added a role with a Solaris Management Console interface, go to Using Roles (Task Map). Otherwise, continue with the next step.
(Optional) To unlock the role account, the user must create a password.
If you added a local role with the roleadd command, this step is required.
% su - rolename Password: <Type rolename password> Confirm Password: <Retype rolename password> $ |
In this example, a role is created to administer the Solaris Cryptographic Framework. The Crypto Management rights profile contains the cryptoadm command for administering hardware and software cryptographic services on a local system.
# roleadd -c "Cryptographic Services manager" \ -g 14 -m /export/home/cryptoadm -u 104 -s pfksh \ -P "Crypto Management" cryptomgt # usermod -u 1111 -R cryptomgt # svcadm restart system/name-service-cache % su - cryptomgt Password: <Type cryptomgt password> Confirm Password: <Retype cryptomgt password> $ /usr/ucb/whoami cryptomgt $ |
For information about the Solaris Cryptographic Framework, see Chapter 13, Solaris Cryptographic Framework (Overview). To administer the framework, see Administering the Cryptographic Framework (Task Map).