Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

System Administration Guide: Basic Administration
Previous Next

Becoming Superuser (root) or Assuming a Role

Most administration tasks, such as adding users, file systems, or printers, require that you first log in as root (UID=0) or assume a role if you are using RBAC. The root account, also known as the superuser account, is used to make system changes and can override user file protection in emergency situations.

The superuser account and roles should be used only to perform administrative tasks to prevent indiscriminate changes to the system. The security problem associated with the superuser account is that a user has complete access to the system even when performing minor tasks.

In a non-RBAC environment, you can either log in to the system as superuser or use the su command to change to the superuser account. If RBAC is implemented, you can assume roles through the console or use su and specify a role.

When you use the console to perform administration tasks, you can do one of the following:

  • Log in to the console as yourself and then supply the root user name and password

  • Log in to the console as yourself and then assume a role

A major benefit of RBAC is that roles can be created to give limited access to specific functions only. If you are using RBAC, you can run restricted applications by assuming a role rather than by becoming superuser.

For step-by-step instructions on creating the Primary Administrator role, see How to Create the First Role (Primary Administrator). For an overview on using RBAC, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.

How to Become Superuser (root) or Assume a Role

Become superuser or assume a role by using one of the following methods. Each method requires that you know either the superuser password or the role password.

  1. Become superuser. Select one of the following methods to become superuser:
    • Log in as a user, start the Solaris Management Console, select a Solaris management tool, and then log in as root.

      This method enables to you perform any management task from the console.

      For information on starting the Solaris Management Console, see How to Start the Solaris Management Console in a Name Service Environment.

    • Log in as superuser on the system console.
      hostname console: root
      Password: root-password
      #

      The pound sign (#) is the Bourne shell prompt for the superuser account.

      This method provides complete access to all system commands and tools.

    • Log in as a user, and then change to the superuser account by using the su command at the command line.
      % su
      Password: root-password
      #

      This method provides complete access to all system commands and tools.

    • Log in remotely as superuser.

      This method is not enabled by default. You must modify the /etc/default/login file to remotely log in as superuser on the system console. For information on modifying this file, see Chapter 3, Controlling Access to Systems (Tasks), in System Administration Guide: Security Services.

      This method provides complete access to all system commands and tools.

  2. Assume a role. Select one of the following methods to assume a role:
    • Log in as user, and then change to a role by using the su command at the command line.
      % su role
      Password: role-password
      $

      This method provides access to all the commands and tools that the role has access to.

    • Log in as a user, start the Solaris Management Console, select a Solaris management tool, and then assume a role.

      For information on starting the Solaris Management Console, see How to Start the Console as Superuser or as a Role.

      This method provides access to the Solaris management tools that the role has access to.

Previous Next

 
 
  Published under the terms fo the Public Documentation License Version 1.01. Design by Interspire