Sun Microsystems, Inc.
spacerspacer
spacer www.sun.com docs.sun.com |
spacer
black dot
 
 
2.  Working With the Solaris Management Console (Tasks) Using the Solaris Management Tools With RBAC (Task Map) How to Assume the Primary Administrator Role  Previous   Contents   Next 
   
 

Starting the Solaris Management Console

The following procedure describes how to start the console and gain access to the Solaris management tools.

How to Start the Console as Superuser or as a Role

If you start the console as a user, with your own user account, you have limited access to the Solaris management tools. For greater access, you can log in as yourself and then as one of the roles you are are allowed to assume. If you are permitted to assume the role of Primary Administrator, you then have access to all the Solaris management tools, equivalent to that of superuser.

  1. Verify that you are in a window environment, such as the CDE environment.

  2. Start the console in one of the following ways.

    • From the command line, type:

      % /usr/sadm/bin/smc &

      It might take a minute or two for the console to come up the first time.

    • From the Tools menu of the CDE front panel.

    • By double-clicking a Solaris Management Console icon in CDE's Applications Manager or File Manager.

    The Solaris Management Console window is displayed.


    Note - Open a console in your window environment to display the Solaris Management Console start-up messages. Do not attempt to start the Solaris Management Console server manually before starting the Solaris Management Console. The server starts automatically when you start the Solaris Management Console. For information on troubleshooting console problems, see "Troubleshooting the Solaris Management Console".


  3. Double-click the This Computer icon under the Management Tools icon in the Navigation pane.

    A list of categories is displayed.

  4. (Optional) Select the appropriate toolbox.

    If you want to use a toolbox other than the default toolbox, select the appropriate toolbox from the Navigation pane. Or, select Open Toolbox from the console menu and load the toolbox you want.

    For information about using different toolboxes, see "How to Create a Toolbox for a Specific Environment".

  5. Double-click the category icon to access a particular tool.

    Use the online help to identify how to perform a specific task.

  6. Double-click the tool icon.

    A popup Log-In window is displayed.

  7. Decide if you want to the tool as superuser or as a role.

    • If you are logging in as superuser and will be working as superuser, select step 8.

    • If you are logging in as yourself and will be assuming the Primary Administrator role, select steps 9 and 10.

  8. If you are logging in as superuser, enter the root password.

  9. If you are logging in as yourself, backspace over the root user name. Then supply your user ID and user password.

    A list of roles you can assume is displayed.

  10. Select the Primary Administrator role (or an equivalent role) and supply the role password.

    For step-by-step instructions on creating the Primary Administrator role, see "How to Create the First Role (Primary Administrator)".

    The main tool menu is displayed.

Using the Solaris Management Tools in a Name Service Environment (Task Map)

By default, the Solaris management tools are set up to operate in a local environment. For example, the Mounts and Shares tool enables you to mount and share directories on specific systems, but not in a NIS or NIS+ environment. However, you can manage information with the Users and Computers and Networks tools in a name service environment.

To work with a console tool in a name service environment, you need to create a name service toolbox, and then add the tool to that toolbox.

Task

Description

For Instructions

1. Verify prerequisites

Verify you have completed the prerequisites before attempting to use the console in a name service environment.

"Prerequisites for Using the Solaris Management Console in a Name Service Environment"

2. Create a toolbox for the name service

Use the New Toolbox wizard to create a toolbox for your name service tools.

"How to Create a Toolbox for a Specific Environment"

3. Add a tool to the name service toolbox

Add the Users tool (or any other name service tool) to your name service toolbox.

"How to Add a Tool to a Toolbox"

4. Select the toolbox just created

Select the toolbox you just created to manage name service information.

"How to Start the Solaris Management Console in a Name Service Environment"

RBAC Security Files

The RBAC security files that work with the Solaris Management Console are created when you upgrade to or install the Solaris 9 release. If you do not install the Solaris Management Console packages, the RBAC security files are installed without the necessary data for using RBAC. For information on the Solaris Management Console packages, see "Troubleshooting the Solaris Management Console".

The RBAC security files in the Solaris 9 release are included in your name service so that you can use the Solaris Management Console tools in a name service environment.

The security files on a local server are populated into a name service environment as part of a standard upgrade by the commands ypmake, nispopulate, or equivalent LDAP commands. The following name services are supported:

  • NIS

  • NIS+

  • LDAP

  • files


Note - The projects database is not supported in the NIS+ environment.


The RBAC security files are created when you upgrade to or install the Solaris 9 release.

This table briefly describes the pre-defined security files that are installed on a Solaris 9 system.

Table 2-3 RBAC Security Files

Local File Name

Table or Map Name

Description

/etc/user_attr

user_attr

Associates users and roles with authorizations and rights profiles.

/etc/security/auth_attr

auth_attr

Defines authorizations and their attributes and identifies associated help files.

/etc/security/exec_attr

exec_attr

Defines rights profiles, lists the rights profiles assigned authorizations and identifies associated help files.

/etc/security/prof_attr

prof_attr

Defines the privileged operations assigned to a rights profile.

For unusual upgrade cases, you might have to use the smattrpop command to populate RBAC security files in the following instances:

  • When creating or modifying rights profiles, or

  • When you need to include users and roles by customizing the usr_attr file.

For more information, see "Role-Based Access Control (Overview)" in System Administration Guide: Security Services.

 
 
 
  Previous   Contents   Next