Skip Navigation Links | |
Exit Print View | |
Oracle Solaris Trusted Extensions Configuration and Administration Oracle Solaris 11 Express 11/10 |
Part I Initial Configuration of Trusted Extensions
1. Security Planning for Trusted Extensions
2. Configuration Roadmap for Trusted Extensions
3. Adding Trusted Extensions Software to the Oracle Solaris OS (Tasks)
4. Configuring Trusted Extensions (Tasks)
5. Configuring LDAP for Trusted Extensions (Tasks)
6. Configuring a Headless System With Trusted Extensions (Tasks)
Part II Administration of Trusted Extensions
7. Trusted Extensions Administration Concepts
8. Trusted Extensions Administration Tools
9. Getting Started as a Trusted Extensions Administrator (Tasks)
Getting Started as a Trusted Extensions Administrator (Task Map)
How to Enter the Global Zone in Trusted Extensions
How to Exit the Global Zone in Trusted Extensions
10. Security Requirements on a Trusted Extensions System (Overview)
11. Administering Security Requirements in Trusted Extensions (Tasks)
12. Users, Rights, and Roles in Trusted Extensions (Overview)
13. Managing Users, Rights, and Roles in Trusted Extensions (Tasks)
14. Remote Administration in Trusted Extensions (Tasks)
15. Trusted Extensions and LDAP (Overview)
16. Managing Zones in Trusted Extensions (Tasks)
17. Managing and Mounting Files in Trusted Extensions (Tasks)
18. Trusted Networking (Overview)
19. Managing Networks in Trusted Extensions (Tasks)
20. Multilevel Mail in Trusted Extensions (Overview)
21. Managing Labeled Printing (Tasks)
22. Devices in Trusted Extensions (Overview)
23. Managing Devices for Trusted Extensions (Tasks)
24. Trusted Extensions Auditing (Overview)
25. Software Management in Trusted Extensions (Reference)
Creating and Managing a Security Policy
Site Security Policy and Trusted Extensions
Computer Security Recommendations
Physical Security Recommendations
Personnel Security Recommendations
Additional Security References
B. Configuration Checklist for Trusted Extensions
Checklist for Configuring Trusted Extensions
C. Quick Reference to Trusted Extensions Administration
Administrative Interfaces in Trusted Extensions
Oracle Solaris Interfaces Extended by Trusted Extensions
Tighter Security Defaults in Trusted Extensions
Limited Options in Trusted Extensions
D. List of Trusted Extensions Man Pages
Trusted Extensions Man Pages in Alphabetical Order
Oracle Solaris Man Pages That Are Modified by Trusted Extensions
In Trusted Extensions, roles are the conventional way to administer the system. Typically, superuser is not used. Roles are created just as they are in the Oracle Solaris OS, and most tasks are performed by roles. In Trusted Extensions, the root user is not used to perform administrative tasks.
The following roles are typical of a Trusted Extensions site:
root role – Created by the initial setup team
Security Administrator role – Created during or after initial configuration by the initial setup team
System Administrator role – Created by the Security Administrator role
As in the Oracle Solaris OS, you might also create an Operator role, and so on.
As in the Oracle Solaris OS, only users who have been assigned a role can assume that role. On the trusted desktop, you can assume a role when your user name is displayed in the trusted stripe. The role choices appear when you click your user name.
To administer Trusted Extensions, you create roles that divide system and security functions. The initial setup team created the Security Administrator role during configuration. For details, see Create the Security Administrator Role in Trusted Extensions.
The process of creating a role in Trusted Extensions is identical to the Oracle Solaris OS process.
For an overview of role creation, see Chapter 10, Role-Based Access Control (Reference), in System Administration Guide: Security Services and Using RBAC (Task Map) in System Administration Guide: Security Services.
To create roles, see How to Create a Role in System Administration Guide: Security Services.
Unlike the Oracle Solaris OS, Trusted Extensions provides a Rolename menu item from the Trusted Path menu. After confirming the role password, the software activates a role workspace with the trusted path attribute. Role workspaces are administrative workspaces. Such workspaces are in the global zone.