Logical Domains 1.3 Administration Guide

Assigning Roles to Users

The advantage of this procedure is that only a user who has been assigned a specific role can assume that role, and assuming the role requires the role's password if one has been set. This provides two layers of security: a user who has not been assigned the role cannot assume it (by running the su role-name command) even if the user knows the correct password.

Procedure: Create a Role and Assign the Role to a User

  1. Create a role.

    # roleadd -A solaris.ldoms.read ldm_read
  2. Assign a password to the role.

    # passwd ldm_read
  3. Assign the role to a user; for example, user_1.

    # useradd -R ldm_read user_1
  4. Assign a password to the user (user_1).

    # passwd user_1
  5. Switch to the user_1 account, which is the only account that has been given access to assume the ldm_read role.

    # su user_1
  6. Type the user password when or if prompted.

  7. Verify the user ID and access to the ldm_read role.

    $ id
    uid=nn(user_1) gid=nn(<group name>)
    $ roles
  8. Provide access to the user for ldm subcommands that have read authorization.

    # su ldm_read
  9. Type the role's password (set in step 2) when or if prompted.

  10. Type the id command to show the user.

    $ id
    uid=nn(ldm_read) gid=nn(<group name>)
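The procedure above records its results in the Solaris RBAC database: roleadd -A writes the role and its authorizations to /etc/user_attr, useradd -R writes the roles= assignment for the user, and passwd sets the role's entry in /etc/shadow. The following added example (not part of the Logical Domains guide) audits those two layers from the defender's side: it parses user_attr(4) and shadow lines to answer who is assigned a given role, whether the role actually has a password (a role whose shadow field is empty or locked with *LK* cannot be assumed), and which authorizations a user effectively holds through roles. The file contents embedded below are constructed samples matching the procedure; on a real system the same functions would be fed /etc/user_attr and (as root) /etc/shadow.

```python
"""Audit Solaris RBAC role assignments recorded in /etc/user_attr and /etc/shadow.

Added example, not code from the Logical Domains guide. The sample file
contents below are constructed to reflect the state after:
    roleadd -A solaris.ldoms.read ldm_read
    useradd -R ldm_read user_1
"""

# Constructed sample of /etc/user_attr: name:qualifier:res1:res2:attr
USER_ATTR = """\
# /etc/user_attr (constructed sample)
root::::auths=solaris.*,solaris.grant;profiles=All;lock_after_retries=no
ldm_read::::type=role;auths=solaris.ldoms.read
user_1::::type=normal;roles=ldm_read
user_2::::type=normal
"""

# Constructed sample of /etc/shadow; "*LK*" marks a locked, password-less account.
SHADOW = """\
root:$5$abc:15000::::::
ldm_read:$5$def:15000::::::
user_1:$5$ghi:15000::::::
user_2:*LK*:15000::::::
"""


def parse_user_attr(text):
    """Return {name: {key: value}} from user_attr(4) lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)
        if len(fields) != 5:
            continue  # malformed line: skip rather than guess
        name, attr = fields[0], fields[4]
        attrs = {}
        for kv in attr.split(";"):
            if "=" in kv:
                key, value = kv.split("=", 1)
                attrs[key] = value
        entries[name] = attrs
    return entries


def parse_shadow(text):
    """Return {name: password_field} from shadow(4) lines."""
    out = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            parts = line.split(":")
            if len(parts) >= 2:
                out[parts[0]] = parts[1]
    return out


def _split_list(value):
    return [item for item in value.split(",") if item]


def roles_of(entries, user):
    """Roles explicitly assigned to a user via the roles= attribute."""
    return _split_list(entries.get(user, {}).get("roles", ""))


def users_who_can_assume(entries, role):
    """First layer: only users listed with roles=<role> may su to it."""
    return sorted(user for user, attrs in entries.items()
                  if attrs.get("type", "normal") != "role"
                  and role in roles_of(entries, user))


def role_has_password(shadow, role):
    """Second layer: an empty or *LK*-locked shadow field means su will never succeed."""
    password = shadow.get(role, "")
    return bool(password) and not password.startswith("*")


def effective_auths(entries, user):
    """Authorizations held directly plus those gained by assuming assigned roles."""
    auths = set(_split_list(entries.get(user, {}).get("auths", "")))
    for role in roles_of(entries, user):
        auths.update(_split_list(entries.get(role, {}).get("auths", "")))
    return sorted(auths)


if __name__ == "__main__":
    entries = parse_user_attr(USER_ATTR)
    shadow = parse_shadow(SHADOW)
    print("users assigned ldm_read:", users_who_can_assume(entries, "ldm_read"))
    print("ldm_read has a password:", role_has_password(shadow, "ldm_read"))
    for user in ("user_1", "user_2"):
        print(user, "effective auths:", effective_auths(entries, user))
```

Running the script reports that only user_1 is assigned ldm_read, that the role is assumable because it has a password, and that user_1 gains solaris.ldoms.read through the role while user_2 holds no authorizations. A periodic run of such a check catches both failure modes the text warns about: a role assigned to more accounts than intended, and a role that was created but never given a password.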