Trusted Extensions Enables Secure Administration
In contrast to traditional UNIX systems, superuser (the root user) is not used
to administer Trusted Extensions. Rather, administrative roles with discrete capabilities administer the system.
In this way, no single user can compromise a system's security. A role
is a special user account that provides access to certain applications with the
rights that are necessary for performing the specific tasks. Rights include authorizations, privileges, and
effective UIDs/GIDs.
The following security practices are enforced on a system that is configured with
Trusted Extensions:
You are granted access to applications and authorizations on a need-to-use basis.
You can perform functions that override security policy only if you are granted special authorizations or special privileges by administrators.
System administration duties are divided among multiple roles.
Accessing Applications in Trusted Extensions
In Trusted Extensions, you can access only those programs that you need to
do your job. As in the Solaris OS, an administrator provides access
by assigning one or more rights profiles to your account. A rights profile is a
special package of programs and security attributes. These security attributes enable successful use
of the program that is in the rights profile.
The Solaris OS provides security attributes such as privileges and authorizations. Trusted
Extensions provides labels. Any of these attributes, if missing, can prevent use of
the program or parts of the program. For example, a rights profile might
include an authorization that enables you to read a database. A rights profile
with particular security attributes might be required for you to modify the database
or read information that is classified as Confidential.
The use of rights profiles that contain programs with associated security attributes helps
prevent users from misusing programs and from damaging data on the system. If
you need to perform tasks that override the security policy, the administrator can
assign to you a rights profile that contains the necessary security attributes. If
you are prevented from running a certain task, check with your administrator. You
might be missing required security attributes.
In addition, the administrator might assign you a profile shell as your login
shell. A profile shell is a special version of the Bourne shell that provides
access to a particular set of applications and capabilities. Profile shells are a
feature of the Solaris OS. For details, see the pfsh(1) man page.
Note - If you try to run a program and receive a Not Found error message
or if you try to run a command and receive a Not in Profile error
message, you might not be permitted to use this program. Check with your
security administrator.
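The following Python sketch is an added example, not part of the original guide or of the Solaris software. It resolves an account's rights profiles to the security attributes a command would run with, using the colon-delimited layout of the Solaris user_attr(4), prof_attr(4) and exec_attr(4) files. The jdoe account, the Site Operator profile and every sample entry are constructed, and the first-match ordering of profiles is an assumption of the sketch.

```python
# Added example. All entries below are constructed sample data.
USER_ATTR = """\
jdoe::::type=normal;profiles=Printer Management,Site Operator
"""
PROF_ATTR = """\
Site Operator:::Constructed profile:profiles=Media Backup;auths=solaris.device.allocate
Media Backup:::Constructed description:
Printer Management:::Constructed description:
"""
EXEC_ATTR = """\
Media Backup:suser:cmd:::/usr/sbin/ufsdump:euid=0;gid=sys
Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp
"""

def load(text, nfields):
    """Split colon-delimited records, skipping blanks and comments."""
    return [ln.split(":", nfields - 1) for ln in text.splitlines()
            if ln.strip() and not ln.startswith("#")]

def parse_attrs(field):
    """Turn 'key=value;key=value' into a dict of raw strings."""
    return dict(p.split("=", 1) for p in field.split(";") if "=" in p)

def expand_profiles(names, prof_rows, seen=None):
    """Ordered, depth-first expansion of profiles nested via profiles=."""
    seen = [] if seen is None else seen
    nested = {r[0]: parse_attrs(r[4]).get("profiles", "") for r in prof_rows}
    for name in names:
        if name and name not in seen:
            seen.append(name)
            expand_profiles(nested.get(name, "").split(","), prof_rows, seen)
    return seen

def user_profiles(user):
    """Profiles assigned to the account, with nested profiles expanded."""
    users = {r[0]: parse_attrs(r[4]) for r in load(USER_ATTR, 5)}
    listed = users.get(user, {}).get("profiles", "").split(",")
    return expand_profiles(listed, load(PROF_ATTR, 5))

def lookup(user, command):
    """Return (profile, attrs) from the first profile that lists command."""
    for prof in user_profiles(user):
        for row in load(EXEC_ATTR, 7):
            if row[0] == prof and row[2] == "cmd" and row[5] in (command, "*"):
                return prof, parse_attrs(row[6])
    return None  # no profile lists it: the "Not in Profile" case

if __name__ == "__main__":
    for cmd in ("/usr/sbin/ufsdump", "/usr/sbin/accept", "/usr/sbin/useradd"):
        print(cmd, "->", lookup("jdoe", cmd))
```

A result of None corresponds to the Not in Profile situation in the Note above: no rights profile assigned to the account lists the command.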
Administration by Role in Trusted Extensions
Trusted Extensions software uses roles for administration. Make sure that you know who
is performing which set of duties at your site. The following are common
roles:
root role – Is used primarily to prevent direct login by superuser.
Primary Administrator role – Performs any tasks that require privileges beyond the capabilities of other roles.
Security Administrator role – Performs security-relevant tasks, such as setting passwords, authorizing device allocation, assigning rights profiles, and evaluating software programs.
System Administrator role – Performs standard system management tasks, such as setting up home directories, restoring backups, and installing software programs.
Operator role – Performs system backups, manages printers, and mounts removable media.