primary# svccfg -s vntsd setprop vntsd/authorization = true
primary# svcadm refresh vntsd
primary# svcadm restart vntsd
primary# roleadd -A solaris.vntsd.consoles role-name
primary# passwd role-name
primary# usermod -R role-name username
First, enable console authorization checking to restrict access to the domain consoles.
primary# svccfg -s vntsd setprop vntsd/authorization = true
primary# svcadm refresh vntsd
primary# svcadm restart vntsd
primary# ldm ls
NAME             STATE      FLAGS   CONS    VCPU  MEMORY   UTIL  UPTIME
primary          active     -n-cv-  UART    8     16G      0.2%  47m
ldg1             active     -n--v-  5000    2     1G       0.1%  17h 50m
ldg2             active     -t----  5001    4     2G       25%   11s
The following example shows how to create the all_cons role with the solaris.vntsd.consoles authorization, which permits access to all domain consoles.
primary# roleadd -A solaris.vntsd.consoles all_cons
primary# passwd all_cons
New Password:
Re-enter new Password:
passwd: password successfully changed for all_cons
This command assigns the all_cons role to the sam user.
primary# usermod -R all_cons sam
User sam assumes the all_cons role and can access all consoles. For example:
$ id
uid=700299(sam) gid=1(other)
$ su all_cons
Password:
$ telnet localhost 5000
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.

Connecting to console "ldg1" in group "ldg1" ....
Press ~? for control options ..
$ telnet localhost 5001
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.

Connecting to console "ldg2" in group "ldg2" ....
Press ~? for control options ..
This example shows what happens when the unauthorized user dana attempts to access a domain console:
$ id
uid=702048(dana) gid=1(other)
$ telnet localhost 5000
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
Connection to 0 closed by foreign host.
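
To confirm that the procedure above took effect, the following added example (not part of the original documentation) pairs each domain console port reported by `ldm ls` with the current value of the vntsd/authorization property. The function names are hypothetical, the sample text is constructed from the `ldm ls` output shown above, and reading the property with `svcprop -p` is an assumption about how the check is run on the control domain.

```shell
#!/bin/sh
# Added example: audit helpers for vntsd console authorization.
# Function names are hypothetical, not part of any Oracle tool.

# Constructed sample: the `ldm ls` output shown on this page.
SAMPLE_LDM_LS='NAME STATE FLAGS CONS VCPU MEMORY UTIL UPTIME
primary active -n-cv- UART 8 16G 0.2% 47m
ldg1 active -n--v- 5000 2 1G 0.1% 17h 50m
ldg2 active -t---- 5001 4 2G 25% 11s'

# Print "domain port" for every domain whose CONS column is a TCP port.
# The column is located from the header row, so its position is not
# hard-coded; the control domain (CONS = UART) is skipped.
console_ports() {
    awk 'NR == 1 { for (i = 1; i <= NF; i++) if ($i == "CONS") c = i; next }
         c && $c ~ /^[0-9]+$/ { print $1, $c }'
}

# Classify a vntsd/authorization property value.
# Anything other than the literal true/false is reported as unknown
# rather than being treated as safe.
authz_state() {
    case "$1" in
        true)  echo "enforced" ;;
        false) echo "NOT enforced" ;;
        *)     echo "unknown" ;;
    esac
}

# Reads `ldm ls` text on stdin; $1 is the property value.
audit_report() {
    state=$(authz_state "$1")
    console_ports | while read -r dom port; do
        echo "$dom console on port $port: authorization $state"
    done
}

# On a control domain use live data (assumption: svcprop can read the
# property); anywhere else, run against the constructed sample.
if command -v svcprop >/dev/null 2>&1 && command -v ldm >/dev/null 2>&1; then
    ldm ls | audit_report "$(svcprop -p vntsd/authorization vntsd 2>/dev/null)"
else
    printf '%s\n' "$SAMPLE_LDM_LS" | audit_report true
fi
```

Any line reporting "NOT enforced" or "unknown" means the listed port accepts console connections without the role check shown in the dana example.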