The Primary Administrator rights profile is assigned the most powerful role on the system, effectively providing that role with superuser capabilities.
The solaris.* authorization effectively assigns all of the authorizations that are provided by the Solaris software.
The solaris.grant authorization lets a role assign any authorization to any rights profile, role, or user.
The command assignment *:uid=0;gid=0 provides the ability to run any command with UID=0 and GID=0.
The help file RtPriAdmin.html is identified so that a site can modify it if necessary. Help files are stored in the /usr/lib/help/auths/locale/C directory.
Note also that if the Primary Administrator rights profile is not consistent with a site's security policy, it can be modified or not assigned at all. However, the security capabilities in the Primary Administrator rights profile would need to be handled in one or more other rights profiles.
Table 19–2 Contents of Primary Administrator Rights Profile
Purpose |
Contents |
---|---|
To perform all administrative tasks |
Commands: * Authorizations: solaris.*, solaris.grant Help File: RtPriAdmin.html |