Hey Glenn, Thanks very much for this information. Very helpful. Some of the info is news to me, especially about pfexec, so glad I asked.
I cover SMC and was aware that it's not supported. I also cover some info on creating users. I need to check for where roleadd is covered. We definitely should add the task for assignment of roles using GNOME GUI. This goes far in helping me figure out where the gaps are. Thanks again, Nita On 03/27/09 16:05, Glenn Faden wrote: > Juanita, > > The Solaris 10 RBAC documentation still applies to OpenSolaris. > However, there are a few differences in the initial configuration of > OpenSolaris. > > The first difference is that the Solaris Management Console is no > longer included. > > The other two difference are that root is a role by default, instead > of having to set this up by hand later, and that the Primary > Administrator rights profile is assigned to the initial user. That > last part is a bug, and should not be relied on because it provides > access to a root shell without further authentication, via pfexec. > When this bug is fixed, pfexec won't be equivalent to becoming root. > > Instead of using pfexec, we should be telling users to assume the root > role, via su. Or we should be referring the user to the existing > documentation about creating the other common roles (see roleadd) and > assigning the roles to users (see usermod). The assignment of roles to > users can also be done using via the GNOME GUI > System->Administration->Users and Groups->Users->Properties->User Roles > > It is a mistake to be telling users to constantly use pfexec. It was > not designed for that purpose. We should be telling people to assume > roles, via su, or to use sudo. > > --Glenn > > > > Juanita Heieck wrote: >> Hi, >> >> Danek Duvall suggested I sent email to the two security aliases. >> I work with the Solaris documentation team and am currently >> tasked with updating some procedures and feature info >> that changed since S10. We have some admin tasks we're >> adding to an OpenSolaris.org wiki, How To types of info, on a few >> topics: >> >> - explaining about setting up user accounts - assigning roles (RBAC) >> - using pfexec >> >> The basic admin guide on d.s.c. covers adding user accounts >> and RBAC, but I know some things have changed in OpenSolaris, so that >> I wouldn't be able to reuse all of that documentation >> for this audience. And, currently, there is very little >> system administration docs on pfexec. >> >> Is there anyone that can point me to some basic information >> and/or assist with a few of these How Tos, or at least >> get me on the right track? >> >> Any and all help with transitioning >> the documentation for OpenSolaris is greatly appreciated. >> >> Nita >> >> . >> >
