sun.com   |  docs.sun.com
How To Buy  |   My Sun  |   Worldwide Sites
        
 
Sun Microsystems Logo
 Products & Services
 		 Support & Training
 
 
System Administration Guide: Basic Administration >> 2.  Working With the Solaris Management Console (Tasks) >> Solaris Management Console (Overview) 

Previous Previous     Contents     Index     Next Next

Changing the Solaris Management Console Window

The layout of the console window is highly configurable. You can use the following features to change the console window layout:

  • View menu - Use the Show option in the View menu to hide or display the optional bars and panes. The other options in the View menu control the display of nodes in the view pane.

  • Console menu - Use the Preferences option to set the following: the initial toolbox, the orientation of panes, clicking or double-clicking for selection, text or icons in the tool bar, fonts, default tool loading, authentication prompts, and advanced logins.

  • Context Help or Console Events toggles - Use the icons at the bottom of the information pane to toggle between the display of context-sensitive help and console events.

Solaris Management Console Documentation

The main source of documentation for using the console and its tools is the online help system. Two forms of online help are available: context-sensitive help and expanded help topics.

  • Context-sensitive help responds to your use of the console tools.

    Clicking the cursor on tabs, entry fields, radio buttons, and so forth, causes the appropriate help to appear in the Information pane. You can close, or reopen the Information pane by clicking the question mark button on dialog boxes and wizards.

  • Expanded help topics are available from the Help menu or by clicking cross reference links in some context-sensitive help.

    These topics appear in a separate viewer and contain more in-depth information than is provided by the context help. Topics include overviews of each tool, explanations of how each tool works, files used by a specific tool, and troubleshooting.

For a brief overview of each tool, refer to Table 2-1.

How Much Role-Based Access Control?

As described in Why Use the Solaris Management Console?, a major advantage of using the Solaris management tools is the ability to use Role-Based Access Control (RBAC). RBAC provides administrators with access to just the tools and commands they need to perform their jobs.

Depending on your security needs, you can use varying degrees of RBAC, as follows:

RBAC Approach

Description

For More Information

No RBAC

Allows you to perform all tasks as superuser. You can log in as yourself. When you select a Solaris management tool, you enter root as the user and the root password.

How to Become Superuser (root) or Assume a Role 

Root as a Role

Eliminates anonymous root logins and prevents users from logging in as root. This approach requires users to log in as themselves before they assume the root role.

Note that you can apply this technique whether or not you are using other roles.

"Making a Role" in System Administration Guide: Security Services

Single Role Only

Uses the Primary Administrator role, which is roughly equivalent to having root access only.

Creating the Primary Administrator Role 

Suggested Roles

Uses three roles that are easily configured: Primary Administrator, System Administrator, and Operator. These roles are appropriate for organizations with administrators at different levels of responsibility whose job capabilities roughly fit the suggested roles.

"Role-Based Access Control (Overview)" in System Administration Guide: Security Services

Custom Roles

You can add your own roles, depending on your organization's security needs.

"Planning for RBAC" in System Administration Guide: Security Services

Becoming Superuser (root) or Assuming a Role

Most administration tasks, such as adding users, file systems, or printers, require that you first log in as root (UID=0) or assume a role if you are using RBAC. The root account, also known as the superuser account, is used to make system changes and can override user file protection in emergency situations.

The superuser account and roles should be used only to perform administrative tasks to prevent indiscriminate changes to the system. The security problem associated with the superuser account is that a user has complete access to the system even when performing minor tasks.

In a non-RBAC environment, you can either log into the system as superuser or use the su command to change to the superuser account. If RBAC is implemented, you can assume roles through the console or use su and specify a role.

When you use the console to perform administration tasks, you can do one of the following:

  • Log into the console as yourself and then supply the root user name and password.

  • Log into the console as yourself and then assume a role.

A major benefit of RBAC is that roles can be created to give limited access to specific functions only. If you are using RBAC, you can run restricted applications by assuming a role rather than becoming superuser.

For step-by-step instructions on creating the Primary Administrator role, see How to Create the First Role (Primary Administrator). For an overview on configuring RBAC to use roles, see "Configuring RBAC (Task Map)" in System Administration Guide: Security Services.

ProcedureHow to Become Superuser (root) or Assume a Role

Become superuser or assume a role by using one of the following methods. Each method requires that you know either the superuser password or the role password.

  1. Become Superuser - Select one of the following to become superuser.

    1. Log in as a user, start the Solaris Management Console, select a Solaris management tool, and then log in as root.

      This method enables to you perform any management task from the console.

      For information on starting the Solaris Management Console, see How to Start the Solaris Management Console in a Name Service Environment.

    2. Log in as superuser on the system console.

      hostname console: root
Password: root-password
#

      The pound sign (#) is the Bourne shell prompt for the superuser account.

      This method provides complete access to all system commands and tools.

    3. Log in as a user, and then change to the superuser account by using the su command at the command line.

      % su
Password: root-password
#

      This method provides complete access to all system commands and tools.

    4. Log in remotely as superuser. This method is not enabled by default. You must modify the /etc/default/login file to remotely log in as superuser on the system console. For information on modifying this file, see "Securing Machines (Tasks)" in System Administration Guide: Security Services.

      This method provides complete access to all system commands and tools.

  2. Assume a Role - Select one of the following to assume a role.

    1. Log in as user, and then change to a role by using the su command at the command line. 

      % su role
Password: role-password
$

      This method provides access to all the commands and tools the role has access to.

    2. Log in as a user, start the Solaris Management Console, select a Solaris management tool, and then assume a role.

      For information on starting the Solaris Management Console, see How to Start the Console as Superuser or as a Role.

      This method provides access to the Solaris management tools that the role has access to.

Previous Previous     Contents     Index     Next Next
 
Copyright 1994-2004 Sun Microsystems