primary# svccfg -s vntsd setprop vntsd/authorization = true primary# svcadm refresh vntsd primary# svcadm restart vntsd
Include the following entry:
LDoms Consoles:::Access LDoms Consoles:auths=solaris.vntsd.consoles
primary# profiles -p "LDoms Consoles" \ 'set desc="Access LDoms Consoles"; set auths=solaris.vntsd.consoles'
primary# usermod -P "All,Basic Solaris User,LDoms Consoles" username
Be careful to specify any pre-existing profiles when adding the LDoms Consoles profile. The previous command shows that the user already had the All and Basic Solaris User profiles.
primary# usermod -P +"LDoms Consoles" username
$ telnet localhost 5000
The following examples show how to use rights profiles to control access to all domain consoles:
Oracle Solaris 10: Create a rights profile with the solaris.vntsd.consoles authorization by adding the following entry to the /etc/security/prof_attr file:
LDoms Consoles:::Access LDoms Consoles:auths=solaris.vntsd.consoles
Assign the rights profile to username.
primary# usermod -P "All,Basic Solaris User,LDoms Consoles" username
The following commands show how to verify that the user is sam and that the All, Basic Solaris User, and LDoms Consoles rights profiles are in effect. The telnet command shows how to access the ldg1 domain console.
$ id uid=702048(sam) gid=1(other) $ profiles All Basic Solaris User LDoms Consoles $ telnet localhost 5000 Trying 0.0.0.0... Connected to 0. Escape character is '^]'. Connecting to console "ldg1" in group "ldg1" .... Press ~? for control options ..
Oracle Solaris 11: Use the profiles command to create a rights profile with the solaris.vntsd.consoles authorization in the rights profile description database.
primary# profiles -p "LDoms Consoles" \ 'set desc="Access LDoms Consoles"; set auths=solaris.vntsd.consoles'
Assign the rights profile to a user.
primary# usermod -P +"LDoms Consoles" sam
The following commands show how to verify that the user is sam and that the All, Basic Solaris User, and LDoms Consoles rights profiles are in effect. The telnet command shows how to access the ldg1 domain console.
$ id uid=702048(sam) gid=1(other) $ profiles All Basic Solaris User LDoms Consoles $ telnet localhost 5000 Trying 0.0.0.0... Connected to 0. Escape character is '^]'. Connecting to console "ldg1" in group "ldg1" .... Press ~? for control options ..