System Administration Guide: Security Services

Setting Up Initial Roles

The first role to create is the role that is responsible for managing users and roles, typically the Primary Administrator. First, install the users and the roles on your local host. After you have set up a toolbox for the name service scope, create the same users and roles in the name service. See “Using the Solaris Management Tools in a Name Service Environment (Task Map)” in System Administration Guide: Basic Administration. After the first role is established and assigned to you, you can run the console tools by assuming a role instead of becoming root.

How to Create the First Role (Primary Administrator) by Using the Administrative Roles Tool

To install the first role, log in as yourself. When you authenticate yourself to the Solaris Management Console, specify the root user. Install the role on your local host first. After the first role is established and assigned to you, you can run the console tools by assuming a role instead of as the root user.

  1. Type root and the root password in the Login: User Name dialog box. Click OK.

  2. Click the Administrative Roles icon in either the navigation pane or the view pane of the User Tool Collection.

    The Administrative Roles tool is started. The Action menu now provides options for this tool.

  3. Select Add Administrative Role from the Action menu.

    This step starts the Add Administrative Role wizard, a series of dialog boxes that request information that is necessary for configuring a role. Use the Next and Back buttons to navigate between dialog boxes. Note that the Next button does not become active until all required fields have been filled in. The last dialog box is for reviewing the entered data, at which point you can go back to change entries or click Finish to save the new role.

    The following figure shows the first dialog box, Step 1: Enter a Role Name.

    Figure 6–3 Add Administrative Role Wizard

    [Figure: dialog box titled Add Administrative Role, showing the Help pane on the left and the entry fields in the right pane.]

  4. Type primaryadmin, or whatever role name you are using, and the other identification information.

    If you select the role mailing list option, you can create an alias of users who can assume this role.

  5. In the Step 2: Enter a Role Password dialog box, type the password for the new role in the Role Password field and again in the Confirm Password field.

    Confirmation helps prevent a misspelled password from being saved.

  6. In the Step 3: Enter Role Rights dialog box, select the Primary Administrator rights profile.

    Double-click the Primary Administrator rights profile in the Available Rights column (on the left). The rights profiles in the Granted Rights column (on the right) are the rights profiles that are assigned to this role. In this instance, only the Primary Administrator rights profile is needed.

  7. In the Step 4: Select a Home Directory dialog box, specify the server and path for the home directory.

  8. In the Step 5: Assign Users to This Role dialog box, type the login names for any users to be assigned to the Primary Administrator role.

    Any users that you add must be defined in the same name service scope in which you are working. If you selected the role mailing list option in the Step 1: Enter a Role Name dialog box, these users will receive email that is addressed to the Primary Administrator role.

  9. Check the information in the Review dialog box. Click Finish to save, or click Back to reenter information.

    If you discover missing or incorrect information, click the Back button repeatedly to display the dialog box where the incorrect information is displayed. Then, click Next repeatedly to return to the Review dialog box.

  10. Open a terminal window, become root, and start and stop the name service cache daemon.

    The new role does not take effect until the name service cache daemon is restarted. After becoming root, type as follows:

    # /etc/init.d/nscd stop
    # /etc/init.d/nscd start
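After the cache daemon restart, a practitioner normally confirms that the role actually exists, carries the Primary Administrator rights profile, and can be assumed by the intended users, since a role that nobody is assigned to (or that was saved without its profile) silently defeats the purpose of the procedure. The script below is an added example, not part of this guide or of the Solaris Management Console. It parses entries in the /etc/user_attr format (user:qualifier:res1:res2:attr, with a semicolon-separated attr field) and checks those three properties; the entries it reads are a constructed sample embedded in the script, so it runs offline. The role name primaryadmin, the user names jdoe and asmith, and the attribute values are assumptions for the sake of the example.

```shell
#!/bin/sh
# Added verification helper (not from the guide). Parses entries in the
# /etc/user_attr format (user:qualifier:res1:res2:attr) to confirm that a
# role exists, carries the expected rights profile, and has assignees.
# USER_ATTR_SAMPLE is a constructed sample, not a real system file; on a
# live host read /etc/user_attr instead.

USER_ATTR_SAMPLE='#
# Constructed sample, not a real /etc/user_attr
primaryadmin::::type=role;profiles=Primary Administrator;auths=solaris.*
jdoe::::type=normal;roles=primaryadmin
asmith::::type=normal;roles=operator
root::::type=normal;auths=solaris.*,solaris.grant;profiles=All'

# Print the value of KEY from the attr field (5th, ";"-separated) of NAME's entry.
user_attr_get() {  # $1=name $2=key
    printf '%s\n' "$USER_ATTR_SAMPLE" | awk -F: -v name="$1" -v key="$2" '
        /^#/ { next }
        $1 == name {
            n = split($5, kv, ";")
            for (i = 1; i <= n; i++) {
                eq = index(kv[i], "=")
                if (substr(kv[i], 1, eq - 1) == key) { print substr(kv[i], eq + 1); exit }
            }
        }'
}

# Succeed only if NAME is defined as a role (type=role), not an ordinary user.
is_role() { [ "$(user_attr_get "$1" type)" = "role" ]; }

# Succeed only if ROLE lists PROFILE among its rights profiles.
role_has_profile() {  # $1=role $2=profile
    user_attr_get "$1" profiles | tr ',' '\n' | grep -qx "$2"
}

# Print, one per line, every normal user whose roles list includes ROLE.
users_assigned_role() {  # $1=role
    printf '%s\n' "$USER_ATTR_SAMPLE" | awk -F: -v role="$1" '
        /^#/ { next }
        $5 ~ /type=normal/ {
            n = split($5, kv, ";")
            for (i = 1; i <= n; i++) if (kv[i] ~ /^roles=/) {
                m = split(substr(kv[i], 7), r, ",")
                for (j = 1; j <= m; j++) if (r[j] == role) print $1
            }
        }'
}

# Overall check for the role created by the procedure: it must be a role,
# carry the Primary Administrator profile, and be assignable by someone.
check_primary_admin() {  # $1=role name, e.g. primaryadmin
    is_role "$1" || { echo "$1: not defined as a role"; return 1; }
    role_has_profile "$1" "Primary Administrator" \
        || { echo "$1: missing Primary Administrator profile"; return 1; }
    [ -n "$(users_assigned_role "$1")" ] \
        || { echo "$1: no user is assigned this role"; return 1; }
    echo "$1: ok, assignable by: $(users_assigned_role "$1" | tr '\n' ' ')"
}

check_primary_admin primaryadmin
```

On a real Solaris host the same questions are answered by the RBAC commands `roles jdoe` (which roles a user may assume) and `profiles primaryadmin` (which rights profiles a role carries); the script is useful mainly when auditing copies of user_attr offline, for example from several hosts that should all carry the same role definition. The command-line counterpart of the wizard is `roleadd -P "Primary Administrator"` followed by `usermod -R` to assign the role to a user, and the nscd restart shown above is still required afterwards.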