Oracle Solaris Cluster System Administration Guide     Oracle Solaris Cluster 4.1

Creating and Assigning an RBAC Role With an Oracle Solaris Cluster Management Rights Profile

Use this task to create a new RBAC role with an Oracle Solaris Cluster Management Rights Profile and to assign users to this new role.

How to Create a Role From the Command Line

  1. Select a method for creating a role:
    • For roles in the local scope, use the roleadd command to specify a new local role and its attributes. For more information, see the roleadd(1M) man page.

    • Alternatively, for roles in the local scope, edit the user_attr file to add a user with type=role. For more information, see the user_attr(4) man page.

      Use this method only for emergencies.

    • For roles in a name service, use the roleadd and rolemod commands to specify the new role and its attributes. For more information, see the roleadd(1M) and rolemod(1M) man pages.

      This command requires authentication by the root role that is capable of creating other roles. You can apply the roleadd command to all name services.

  2. Stop and start the name service cache daemon.

    New roles do not take effect until the name service cache daemon is restarted. As root, type the following text:

    # /etc/init.d/nscd stop
    # /etc/init.d/nscd start
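
An added example (not part of the Oracle guide): after running roleadd or editing user_attr directly, this script lists which entries are roles, which rights profiles they carry, and which users can assume a given role. It assumes the user_attr(4) line layout `user:qualifier:res1:res2:attr`; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: list roles, their rights profiles and their members from a
# user_attr(4)-format file. Entry format: user:qualifier:res1:res2:attr,
# where attr is a ';'-separated list of key=value pairs.

# parse_user_attr FILE -> one "name<TAB>key<TAB>value" line per attribute
parse_user_attr() {
    awk -F: '
        /^[ \t]*#/ || NF < 5 { next }            # comments, blank or short lines
        {
            attr = $5                            # rejoin in case a value holds ":"
            for (i = 6; i <= NF; i++) attr = attr ":" $i
            n = split(attr, kv, ";")
            for (i = 1; i <= n; i++) {
                eq = index(kv[i], "=")
                if (eq > 1) printf("%s\t%s\t%s\n", $1, substr(kv[i], 1, eq - 1), substr(kv[i], eq + 1))
            }
        }' "$1"
}

# list_roles FILE -> "role<TAB>profiles" for every entry with type=role
list_roles() {
    parse_user_attr "$1" | awk -F'\t' '
        $2 == "type" && $3 == "role" { order[++n] = $1 }
        $2 == "profiles"             { prof[$1] = $3 }
        END { for (i = 1; i <= n; i++)
                  printf("%s\t%s\n", order[i], ((order[i] in prof) ? prof[order[i]] : "-")) }'
}

# role_members FILE ROLE -> users whose roles= list names ROLE
role_members() {
    parse_user_attr "$1" | awk -F'\t' -v want="$2" '
        $2 == "roles" { n = split($3, r, ",")
                        for (i = 1; i <= n; i++) if (r[i] == want) print $1 }'
}

# Constructed sample (not a real system file); names follow Example 2-1.
SAMPLE="${TMPDIR:-/tmp}/user_attr.sample.$$"
cat > "$SAMPLE" <<'EOF'
# constructed user_attr sample
oper2::::type=role;profiles=Operator,Media Restore
sysadmin::::type=role;profiles=System Administrator
johnDoe::::type=normal;roles=oper2
janeRoe::::roles=sysadmin,oper2
EOF

list_roles "$SAMPLE"
role_members "$SAMPLE" oper2
```

Comparing the output before and after a change shows exactly which role entries and role assignments a hand edit introduced.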

Example 2-1 Creating a Custom Operator Role by Using the smrole Command

The following sequence demonstrates how a role is created with the smrole command. In this example, a new version of the Operator role is created and assigned the standard Operator rights profile and the Media Restore rights profile.

% su primaryadmin 
# /usr/sadm/bin/smrole add -H myHost -- -c "Custom Operator" -n oper2 -a johnDoe \
-d /export/home/oper2 -F "Backup/Restore Operator" -p "Operator" -p "Media Restore"

Authenticating as user: primaryadmin

Type /? for help, pressing <enter> accepts the default denoted by [ ]
Please enter a string value for: password :: <type primaryadmin password>

Loading Tool: com.sun.admin.usermgr.cli.role.UserMgrRoleCli from myHost
Login to myHost as user primaryadmin was successful.
Download of com.sun.admin.usermgr.cli.role.UserMgrRoleCli from myHost was successful.

Type /? for help, pressing <enter> accepts the default denoted by [ ]
Please enter a string value for: password ::<type oper2 password>

# /etc/init.d/nscd stop
# /etc/init.d/nscd start

To view the newly created role (and any other roles), use smrole with the list option, as follows:

# /usr/sadm/bin/smrole list --
Authenticating as user: primaryadmin

Type /? for help, pressing <enter> accepts the default denoted by [ ]
Please enter a string value for: password :: <type primaryadmin password>

Loading Tool: com.sun.admin.usermgr.cli.role.UserMgrRoleCli from myHost
Login to myHost as user primaryadmin was successful.
Download of com.sun.admin.usermgr.cli.role.UserMgrRoleCli from myHost was successful.
root                    0               Super-User
primaryadmin            100             Most powerful role
sysadmin                101             Performs non-security admin tasks
oper2                   102             Custom Operator