Juanita, The Solaris 10 RBAC documentation still applies to OpenSolaris. However, there are a few differences in the initial configuration of OpenSolaris.
The first difference is that the Solaris Management Console is no longer included. The other two difference are that root is a role by default, instead of having to set this up by hand later, and that the Primary Administrator rights profile is assigned to the initial user. That last part is a bug, and should not be relied on because it provides access to a root shell without further authentication, via pfexec. When this bug is fixed, pfexec won't be equivalent to becoming root. Instead of using pfexec, we should be telling users to assume the root role, via su. Or we should be referring the user to the existing documentation about creating the other common roles (see roleadd) and assigning the roles to users (see usermod). The assignment of roles to users can also be done using via the GNOME GUI System->Administration->Users and Groups->Users->Properties->User Roles It is a mistake to be telling users to constantly use pfexec. It was not designed for that purpose. We should be telling people to assume roles, via su, or to use sudo. --Glenn Juanita Heieck wrote: > Hi, > > Danek Duvall suggested I sent email to the two security aliases. > I work with the Solaris documentation team and am currently > tasked with updating some procedures and feature info > that changed since S10. We have some admin tasks we're > adding to an OpenSolaris.org wiki, How To types of info, on a few topics: > > - explaining about setting up user accounts - assigning roles (RBAC) > - using pfexec > > The basic admin guide on d.s.c. covers adding user accounts > and RBAC, but I know some things have changed in OpenSolaris, so that > I wouldn't be able to reuse all of that documentation > for this audience. And, currently, there is very little > system administration docs on pfexec. > > Is there anyone that can point me to some basic information > and/or assist with a few of these How Tos, or at least > get me on the right track? > > Any and all help with transitioning > the documentation for OpenSolaris is greatly appreciated. > > Nita > > . >
