Go to main content

Trusted Extensions Configuration and Administration

Exit Print View

Updated: December 2017

Configurable Security Features

Trusted Extensions uses the same security features that Oracle Solaris provides, and adds some features. For example, the Oracle Solaris OS provides eeprom protection, password requirements and strong password algorithms, system protection by locking out a user, and protection from keyboard shutdown.

Trusted Extensions differs from Oracle Solaris in that you typically administer systems by assuming a limited role.

Roles in Trusted Extensions

In Trusted Extensions, roles are the conventional way to administer the system. Superuser is the root role, and is required for few tasks, such as setting audit flags, changing an account's password, and editing system files. Roles are created just as they are in Oracle Solaris.

    The following roles are typical of a Trusted Extensions site:

  • root role – Created at Oracle Solaris installation

  • Security Administrator role – Created during or after initial configuration by the initial setup team

  • System Administrator role – Created during or after initial configuration by the initial setup team

Role Creation in Trusted Extensions

To administer Trusted Extensions, you create roles that divide system and security functions.

Role Assumption in Trusted Extensions

On the trusted desktop, you can assume an assigned role by clicking your user name in the trusted stripe for the role choices. After confirming the role password, the current workspace is changed into a role workspace. A role workspace is in the global zone and has the trusted path attribute. Role workspaces are administrative workspaces.

Trusted Extensions Interfaces for Configuring Security Features

In Trusted Extensions, you can extend existing security features. Also, Trusted Extensions provides unique security features.

Extension of Oracle Solaris Security Features by Trusted Extensions

As in Oracle Solaris, privileges cannot be extended.

Unique Trusted Extensions Security Features

    Trusted Extensions provides the following unique security features:

  • Labels – Subjects and objects are labeled. Processes are labeled. Zones and the network are labeled. Workspaces and their objects are labeled.

  • Device Manager – By default, devices are protected by allocation requirements. The Device Manager GUI is the interface for administrators and for regular users.

  • Change Password menu – This menu enables you to change your user or role password.

  • Change Workspace Label menu – Users in multilevel sessions can change the workspace label. Users can be required to provide a password when entering a workspace of a different label.

  • Selection Manager dialog box – Authorized users in multilevel sessions can upgrade or downgrade information to a different label.

  • TrustedExtensionsPolicy file – Administrators can change the policy on X server extensions that are unique to Trusted Extensions. For more information, see the TrustedExtensionsPolicy(4) man page.