JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris Administration: Basic Administration     Oracle Solaris 10 1/13 Information Library
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

About This Book

1.  Oracle Solaris Management Tools (Road Map)

2.  Working With the Solaris Management Console (Tasks)

Solaris Management Console (Overview)

What Is the Solaris Management Console?

Solaris Management Console Tools

Why Use the Solaris Management Console?

Organization of the Solaris Management Console

Changing the Solaris Management Console Window

Solaris Management Console Documentation

How Much Role-Based Access Control?

Becoming Superuser (root) or Assuming a Role

How to Become Superuser (root) or Assume a Role

Using the Solaris Management Tools With RBAC (Task Map)

If You Are the First to Log In to the Console

Creating the Primary Administrator Role

How to Create the First Role (Primary Administrator)

How to Assume the Primary Administrator Role

Starting the Solaris Management Console

How to Start the Console as Superuser or as a Role

Using the Oracle Solaris Management Tools in a Name Service Environment (Task Map)

RBAC Security Files

Prerequisites for Using the Solaris Management Console in a Name Service Environment

Management Scope

/etc/nsswitch.conf File

How to Create a Toolbox for a Specific Environment

How to Add a Tool to a Toolbox

How to Start the Solaris Management Console in a Name Service Environment

Adding Tools to the Solaris Management Console

How to Add a Legacy Tool to a Toolbox

How to Install an Unbundled Tool

Troubleshooting the Solaris Management Console

How to Troubleshoot the Solaris Management Console

3.  Working With the Oracle Java Web Console (Tasks)

4.  Managing User Accounts and Groups (Overview)

5.  Managing User Accounts and Groups (Tasks)

6.  Managing Client-Server Support (Overview)

7.  Managing Diskless Clients (Tasks)

8.  Introduction to Shutting Down and Booting a System

9.  Shutting Down and Booting a System (Overview)

10.  Shutting Down a System (Tasks)

11.  Modifying Oracle Solaris Boot Behavior (Tasks)

12.  Booting an Oracle Solaris System (Tasks)

13.  Managing the Oracle Solaris Boot Archives (Tasks)

14.  Troubleshooting Booting an Oracle Solaris System (Tasks)

15.  x86: GRUB Based Booting (Reference)

16.  x86: Booting a System That Does Not Implement GRUB (Tasks)

17.  Working With Oracle Configuration Manager

18.  Managing Services (Overview)

19.  Managing Services (Tasks)

20.  Managing Software (Overview)

21.  Managing Software With Oracle Solaris System Administration Tools (Tasks)

22.  Managing Software by Using Oracle Solaris Package Commands (Tasks)

23.  Managing Patches

A.  SMF Services

Index

Using the Solaris Management Tools With RBAC (Task Map)

This task map describes the tasks you will need to perform, if you want to use the RBAC security features to perform administration tasks, rather than use the superuser account.

Note - The information in this chapter describes how to use the console with RBAC. RBAC overview and task information is included to show how to initially set up RBAC with the console.

For detailed information about RBAC and how to use it with other applications, see Role-Based Access Control (Overview) in System Administration Guide: Security Services.

Task
Description
For Instructions
1. Start the console.
If your user account is already set up, start the console as yourself. Then, log in to the console as root. If you do not have a user account set up, become superuser first, and then start the console.
How to Start the Console as Superuser or as a Role
2. Add a user account for yourself.
Add a user account for yourself, if you do not have an account already.
Solaris Management Console online help

If You Are the First to Log In to the Console
3. Create the Primary Administrator role
Create the Primary Administrator role. Then, add yourself to this role.
How to Create the First Role (Primary Administrator)
4. Assume the Primary Administrator role.
Assume the Primary Administrator role after you have created this role.
How to Assume the Primary Administrator Role
5. (Optional) Make root a role.
Make root a role and add yourself to the root role, so that no other user can use the su command to become root.
How to Plan Your RBAC Implementation in System Administration Guide: Security Services
6. (Optional) Create other administrative roles.
Create other administrative roles and grant the appropriate rights to each role. Then, add the appropriate users to each role.
Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services

The following sections provide overview information and step-by-step instructions for using the Solaris Management Console and the RBAC security features.

If You Are the First to Log In to the Console

If you are the first administrator to log in to the console, start the console as a user (yourself). Then, log in as superuser. This method gives you complete access to all of the console tools.

Here are the general steps to follow, depending on whether you are using RBAC:

Creating the Primary Administrator Role

An administrator role is a special user account. Users who assume a role are permitted to perform a predefined set of administrative tasks.

The Primary Administrator role is permitted to perform all administrative functions, similar to superuser.

If you are superuser, or a user who is assuming the Primary Administrator role, you can define which tasks other administrators are permitted to perform. With the help of the Add Administrative Role wizard, you can create a role, grant rights to the role, and then specify which users are permitted to assume that role. A right is a named collection of commands, or authorizations, for using specific applications. A right enables you to perform specific functions within an application. The use of rights can be granted or denied by an administrator.

The following table describes the information that you are prompted for when you create the Primary Administrator role.

Table 2-2 Field Descriptions for Adding a Role by Using the Solaris Management Console

Field name
Description
Role name
Selects the name an administrator uses to log in to a specific role.
Full name
Provides a full, descriptive name of this role. (Optional)
Description
Provides further description of this role.
Role ID number
Selects the identification number assigned to this role. This number is the same as the set of identifiers for UIDs.
Role shell
Selects the shell that runs when a user logs in to a terminal or console window and assumes a role in that window.
Create a role mailing list
Creates a mailing list with the same name as the role, if checked. You can use this list to send email to everyone assigned to the role.
Role password and confirm Password
Sets and confirms the role password.
Available rights and granted Rights
Assigns rights to this role by choosing from the list of Available Rights and adding them to the list of Granted Rights.
Select a home directory
Selects the home directory server where this role's private files will be stored.
Assign users to this role
Adds specific users to the role so that they can assume the role to perform specific tasks.

For detailed information about RBAC and instructions on how to use roles to create a more secure environment, see Role-Based Access Control (Overview) in System Administration Guide: Security Services.

How to Create the First Role (Primary Administrator)

This procedure describes how to create the Primary Administrator role and then assign it to your user account. This procedure assumes that your user account is already created.

  1. Start the console as yourself.
    % /usr/sadm/bin/smc &

    For additional information about starting the console, see How to Start the Console as Superuser or as a Role.

    The console online help provides more information about creating a user account for yourself.

  2. Click the This Computer icon in the Navigation pane.
  3. Click System Configuration ->Users -> Administrative Roles.
  4. Click Action ->Add Administrative Role.

    The Add Administrative Role wizard opens.

  5. Create the Primary Administrator role with the Administrative Role wizard by following these steps:
    1. Identify the role name, which includes the full role name, description, role ID number, role shell, and whether you want to create a role mailing list. Click Next.
    2. Set and confirm the role password, then click Next.
    3. Select the Primary Administrator right from the Available Rights column, add it to Granted Rights column.
    4. Click Next.
    5. Select the home directory for the role, then click Next.
    6. Assign yourself to the list of users who can assume the role, then click Next.

    If necessary, see Table 2-2 for a description of the role fields.

  6. Click Finish.

How to Assume the Primary Administrator Role

After you have created the Primary Administrator role, you will need to log in to the console as yourself, and then assume the Primary Administrator role. When you assume a role, you take on all of the attributes of that role, including the rights. At the same time, you relinquish all of your own user properties.

  1. Start the console.
    % /usr/sadm/bin/smc &

    For information about starting the console, see How to Start the Console as Superuser or as a Role.

  2. Log in with your user name and password.

    A list shows which roles you are permitted to assume.

  3. Log in to the Primary Administrator role and provide the role password.
Copyright © 1998, 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next