JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Trusted Extensions Administrator's Procedures     Oracle Solaris 10 1/13 Information Library
search filter icon
search icon

Document Information

Preface

1.  Trusted Extensions Administration Concepts

2.  Trusted Extensions Administration Tools

3.  Getting Started as a Trusted Extensions Administrator (Tasks)

What's New in Trusted Extensions

Security Requirements When Administering Trusted Extensions

Role Creation in Trusted Extensions

Role Assumption in Trusted Extensions

Getting Started as a Trusted Extensions Administrator (Task Map)

How to Enter the Global Zone in Trusted Extensions

How to Exit the Global Zone in Trusted Extensions

How to Administer the Local System With the Solaris Management Console

How to Start CDE Administrative Actions in Trusted Extensions

How to Edit Administrative Files in Trusted Extensions

4.  Security Requirements on a Trusted Extensions System (Overview)

5.  Administering Security Requirements in Trusted Extensions (Tasks)

6.  Users, Rights, and Roles in Trusted Extensions (Overview)

7.  Managing Users, Rights, and Roles in Trusted Extensions (Tasks)

8.  Remote Administration in Trusted Extensions (Tasks)

9.  Trusted Extensions and LDAP (Overview)

10.  Managing Zones in Trusted Extensions (Tasks)

11.  Managing and Mounting Files in Trusted Extensions (Tasks)

12.  Trusted Networking (Overview)

13.  Managing Networks in Trusted Extensions (Tasks)

14.  Multilevel Mail in Trusted Extensions (Overview)

15.  Managing Labeled Printing (Tasks)

16.  Devices in Trusted Extensions (Overview)

17.  Managing Devices for Trusted Extensions (Tasks)

18.  Trusted Extensions Auditing (Overview)

19.  Software Management in Trusted Extensions (Tasks)

A.  Quick Reference to Trusted Extensions Administration

B.  List of Trusted Extensions Man Pages

Index

Getting Started as a Trusted Extensions Administrator (Task Map)

Familiarize yourself with the following procedures before administering Trusted Extensions.

Task
Description
For Instructions
Log in.
Logs you in securely.
Perform common user tasks on a desktop.
These tasks include:
  • Configuring your workspaces

  • Using workspaces at different labels

  • Accessing Trusted Extensions man pages

  • Accessing Trusted Extensions online help

Perform tasks that require the trusted path.
These tasks include:
  • Allocating a device

  • Changing your password

  • Changing the label of a workspace

Create useful roles.
Creates administrative roles for your site. Creating roles in LDAP is a one-time task.

The Security Administrator role is a useful role.

(Optional) Make root a role.
Prevents anonymous login by root. This task is done once per system.
Assume a role.
Enters the global zone in a role. All administrative tasks are performed in the global zone.
Exit a role workspace and become regular user.
Leaves the global zone.
Locally administer users, roles, rights, zones, and networks.
Uses the Solaris Management Console to manage the distributed system.
Administer the system by using Trusted CDE actions.
Uses the administrative actions in the Trusted_Extensions folder.
Edit an administrative file.
Edits files in a trusted editor.
Administer device allocation.
Uses the Device Allocation Manager – Device Administration GUI.

How to Enter the Global Zone in Trusted Extensions

By assuming a role, you enter the global zone in Trusted Extensions. Administration of the entire system is possible only from the global zone. Only superuser or a role can enter the global zone.

After assuming a role, the role can create a workspace at a user label to edit administration files in a labeled zone.

For troubleshooting purposes, you can also enter the global zone by starting a Failsafe session. For details, see How to Log In to a Failsafe Session in Trusted Extensions.

Before You Begin

You have created one or more roles, or you plan to enter the global zone as superuser. For pointers, see Role Creation in Trusted Extensions.

  1. Use a trusted mechanism.
    • In Solaris Trusted Extensions (JDS), click your user name in the trusted stripe and choose a role.

      If you have been assigned a role, the role names are displayed in a list.

      For the location and significance of Trusted Extensions desktop features, see Chapter 4, Elements of Trusted Extensions (Reference), in Trusted Extensions User’s Guide.

    • In Solaris Trusted Extensions (CDE), open the Trusted Path menu.
      1. Click mouse button 3 over the workspace switch area.
        image:The illustration shows the Workspace Switch Area in Trusted CDE.
      2. Choose Assume rolename Role from the Trusted Path menu.
  2. At the prompt, type the role password.

    In Trusted CDE, a new role workspace is created, the workspace switch button changes to the color of the role desktop, and the title bar above each window shows Trusted Path. In Trusted JDS, the current workspace changes to the role workspace.

    In Trusted CDE, you leave a role workspace by using the mouse to choose a regular user workspace. You can also delete the last role workspace to exit a role. In Trusted JDS, you click the role name on the trusted stripe, and from the menu, select a different role or user. This action changes the current workspace to the process of the new role or user.

How to Exit the Global Zone in Trusted Extensions

The menu locations for exiting a role are different in Trusted JDS and Trusted CDE.

Before You Begin

You are in the global zone.

How to Administer the Local System With the Solaris Management Console

The first time that you launch the Solaris Management Console on a system, a delay occurs while the tools are registered and various directories are created. This delay typically occurs during system configuration. For the procedure, see Initialize the Solaris Management Console Server in Trusted Extensions in Trusted Extensions Configuration Guide.

To administer a remote system, see Administering Trusted Extensions Remotely (Task Map).

Before You Begin

You must have assumed a role. For details, see How to Enter the Global Zone in Trusted Extensions.

  1. Start the Solaris Management Console.

    In Solaris Trusted Extensions (JDS), use the command line.

    $ /usr/sbin/smc &

    In Trusted CDE, you have three choices.

    • Use the smc command in a terminal window.
    • From the Tools pull-up menu on the Front Panel, click the Solaris Management Console icon.
    • In the Trusted_Extensions folder, double-click the Solaris Management Console icon.
  2. Choose Console -> Open Toolbox.
  3. From the list, select a Trusted Extensions toolbox of the appropriate scope.

    A Trusted Extensions toolbox has Policy=TSOL as part of its name. The Files scope updates local files on the current system. The LDAP scope updates LDAP directories on the Oracle Directory Server Enterprise Edition. The toolbox names appear similar to the following:

    This Computer (this-host: Scope=Files, Policy=TSOL)
    This Computer (ldap-server: Scope=LDAP, Policy=TSOL)
  4. Navigate to the desired Solaris Management Console tool.

    The password prompt is displayed.

    For tools that Trusted Extensions has modified, click System Configuration.

  5. Type the password.

    Refer to the online help for additional information about Solaris Management Console tools. For an introduction to the tools that Trusted Extensions modifies, see Solaris Management Console Tools.

  6. To close the GUI, choose Exit from the Console menu.

How to Start CDE Administrative Actions in Trusted Extensions

  1. Assume a role.

    For details, see How to Enter the Global Zone in Trusted Extensions.

  2. In Trusted CDE, bring up the Application Manager.
    1. Click mouse button 3 on the background to bring up the Workspace menu.
    2. Click Applications, then click the Application Manager menu item.
      image:Dialog box titled Application Manager shows folders, including the Trusted_Extensions folder.

      The Trusted_Extensions folder is in the Application Manager.

  3. Open the Trusted_Extensions folder.
  4. Double-click the appropriate icon.

    For a list of administrative actions, see Trusted CDE Actions.

How to Edit Administrative Files in Trusted Extensions

Administrative files are edited with a trusted editor that incorporates auditing. This editor also prevents the user from executing shell commands and from saving to any file name other than the name of the original file.

  1. Assume a role.

    For details, see How to Enter the Global Zone in Trusted Extensions.

  2. Open a trusted editor.
    • In Solaris Trusted Extensions (CDE), do the following:
      1. To bring up the editor, click mouse button 3 on the background to bring up the Workspace menu.
      2. Click Applications, then click the Application Manager menu item.

        The Trusted_Extensions folder is in the Application Manager.

      3. Open the Trusted_Extensions folder.
      4. Double-click the Admin Editor action.

        You are prompted to provide a file name. For the format, see Step 3 and Step 4.

    • In Solaris Trusted Extensions (JDS), do the following:
  3. To create a new file, type the full path name for the new file.

    When you save the file, the editor creates a temporary file.

  4. To edit an existing file, type the full path name for the existing file.

    Note - If your editor provides a Save As option, do not use it. Use the editor's Save option to save the file.


  5. To save the file to the specified path name, close the editor.