System Administration Guide: Security Services

Using Privileged Applications

To run privileged applications, you must first become superuser or assume a role. Although it is possible to run privileged applications as a normal user, doing so is discouraged, because it invites errors caused by users who inadvertently exercise this privilege.

How to Assume a Role at the Command Line
  1. Use the su command as follows:


    % su my-role
    Password: my-role-password
    #

    Typing su by itself lets you become superuser. Typing su with a role name lets you assume that role (if it has been assigned to you). You must supply the appropriate password. Assuming a role switches the command line to the profile shell for that role. The profile shell has been modified to run commands with the security attributes that are assigned in the role's rights profiles.

  2. Type a command in the shell.

    The command is executed with any assigned security attributes and setuid or setgid permissions.
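
The su step above succeeds only for a role that has been assigned to you. As an added example (not part of the original guide), this script checks that assignment against a file in user_attr(4) format, as used in the files (local) scope. The function names, the sample accounts and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Reads a user_attr(4)-format
# file: user:qualifier:res1:res2:attr, where attr is a semicolon-separated
# list of key=value pairs (type=, roles=, profiles=, auths=).
# Assumption: attr values contain no ':' characters.

# assigned_roles FILE USER -> prints each role assigned to USER, one per line
assigned_roles() {
    awk -F: -v user="$2" '
        /^#/ || NF < 5 { next }              # skip comments and short lines
        $1 == user {
            n = split($5, kv, ";")
            for (i = 1; i <= n; i++)
                if (kv[i] ~ /^roles=/) {
                    sub(/^roles=/, "", kv[i])
                    m = split(kv[i], r, ",")
                    for (j = 1; j <= m; j++) if (r[j] != "") print r[j]
                }
        }' "$1"
}

# can_assume FILE USER ROLE -> status 0 only if ROLE is assigned to USER
# and ROLE's own entry is marked type=role
can_assume() {
    assigned_roles "$1" "$2" | grep -Fx -- "$3" >/dev/null || return 1
    awk -F: -v role="$3" '
        $1 == role && $5 ~ /(^|;)type=role(;|$)/ { found = 1 }
        END { exit !found }' "$1"
}

# Constructed sample database; every account name here is hypothetical
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# user:qualifier:res1:res2:attr
my-role::::type=role;profiles=System Administrator
operator::::type=role;profiles=Operator
jdoe::::type=normal;roles=my-role,operator
asmith::::type=normal;profiles=Basic Solaris User
kim::::type=normal;roles=asmith
EOF

for u in jdoe asmith kim; do
    if can_assume "$SAMPLE" "$u" my-role; then
        echo "$u: su my-role is permitted by role assignment"
    else
        echo "$u: my-role is not assigned"
    fi
done
```

The kim entry shows the case where a listed name is not itself defined with type=role, which the check rejects.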

How to Assume a Role in the Console Tools
  1. Start the Solaris Management Console.

    Use one of the following methods:

    • Type smc at the command line.

    • Click the Solaris Management Console icon in the Tools subpanel.

    • Double-click the Solaris Management Console icon in the Application Manager.

    All Solaris Management Console tools have extensive context-sensitive help that documents each field. In addition, you can access various help topics from the Help menu. Note that it does not matter whether you are logged in as root or as a normal user when you start the console.

  2. Select the toolbox for your task.

    Navigate to the toolbox that contains the tool or collection in the appropriate scope and click the icon. The scopes are files (local), NIS, NIS+, and LDAP. If the appropriate toolbox is not displayed in the navigation pane, choose Open Toolbox from the Console menu and load the relevant toolbox.

  3. Select the tool.

    Navigate to the tool or collection to be used and click the icon. The tools for managing the RBAC elements are all part of the User Tool Collection.

  4. Authenticate yourself in the Login: User Name dialog box.

    Your choices are the following:

    • Type your user name and password to assume a role or to operate as a normal user.

    • Type root and the root password to operate as superuser.

    Note that if you have not yet set up any roles or if the roles that are set up cannot perform the appropriate tasks, you need to log in as root. If you authenticate yourself as root (or as a user with no roles assigned), the tools are loaded into the console and you can proceed to Step 6.

  5. Authenticate yourself in the Login: Role dialog box.

    The Role option menu in the dialog box displays the roles that are assigned to you. Choose a role and type the role password. If you are to operate as a normal user, type your user name and password.

  6. Navigate to the tool to be run and click the icon.