How to Control Access to a Single Console by Using Roles
Example 5-3 Accessing a Single Domain Console
This example shows how user terry assumes the ldg1cons role and accesses the ldg1 domain console.
First, add an authorization for a single domain, ldg1, to the authorization description database.
# auths add -t "Access ldg1 Console" solaris.vntsd.console-ldg1
Then, create a role with the new authorization to permit access only to the console of the domain.
primary# roleadd -A solaris.vntsd.console-ldg1 ldg1cons
primary# passwd ldg1cons
New Password:
Re-enter new Password:
passwd: password successfully changed for ldg1cons
Assign the ldg1cons role to user terry, assume the ldg1cons role, and access the domain console.
primary# usermod -R ldg1cons terry
primary# su terry
Password:
$ id
uid=700300(terry) gid=1(other)
$ su ldg1cons
Password:
$ id
uid=700303(ldg1cons) gid=1(other)
$ telnet localhost 5000
Trying 0.0.0.0...
Escape character is '^]'.
Connecting to console "ldg1" in group "ldg1" ....
Press ~? for control options ..
The following example shows that the user terry cannot access the ldg2 domain console:
$ telnet localhost 5001
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
Connection to 0 closed by foreign host.
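To confirm that a role built this way is limited to one console, the following added example (not part of the original page) classifies an authorization list against a console group. The function name console_grant and the sample lists are constructed for illustration. It assumes the list is comma-separated as printed by auths, that solaris.vntsd.consoles is the authorization covering all consoles, and that an entry ending in * is a prefix wildcard.

```shell
#!/bin/sh
# Added example, not from the original page.
# console_grant AUTH_LIST GROUP   (hypothetical helper name)
#   AUTH_LIST  comma-separated authorizations (format assumed from `auths ROLE`)
#   GROUP      console group name, such as ldg1
# Prints how the list grants the console of GROUP:
#   exact  only through solaris.vntsd.console-GROUP
#   broad  through the all-consoles authorization or a wildcard entry
#   none   not at all
console_grant() {
    cg_want="solaris.vntsd.console-$2"
    cg_list=$(printf '%s' "$1" | tr -d ' \t\n')   # tolerate ", " separators
    cg_result=none
    cg_ifs=$IFS
    IFS=,
    set -f                       # keep entries such as solaris.* from globbing
    for cg_a in $cg_list; do
        case $cg_a in
            "$cg_want")
                if [ "$cg_result" = none ]; then cg_result=exact; fi ;;
            solaris.vntsd.consoles)
                cg_result=broad ;;
            *'*')
                # Assumption: trailing * matches any authorization with this prefix.
                case $cg_want in
                    "${cg_a%?}"*) cg_result=broad ;;
                esac ;;
        esac
    done
    set +f
    IFS=$cg_ifs
    echo "$cg_result"
}

# Constructed sample lists, not captured output.
ROLE_AUTHS='solaris.vntsd.console-ldg1'    # role created as on this page
WIDE_AUTHS='solaris.vntsd.consoles'        # role with access to every console
WILD_AUTHS='solaris.*'                     # wildcard grant

for group in ldg1 ldg2; do
    echo "ldg1cons -> $group: $(console_grant "$ROLE_AUTHS" "$group")"
    echo "all-cons -> $group: $(console_grant "$WIDE_AUTHS" "$group")"
    echo "wildcard -> $group: $(console_grant "$WILD_AUTHS" "$group")"
done
```

On the control domain, the live check for the role on this page would be console_grant "$(auths ldg1cons)" ldg1, which should print exact, while the same call for ldg2 should print none.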