Go to main content

Trusted Extensions Configuration and Administration

Exit Print View

» ...Documentation Home » Oracle Solaris 11.4 Information Library » Trusted Extensions Configuration and ... » Administration of Trusted Extensions » Managing Users, Rights, and Roles in Trusted ... » Managing Users and Rights » How to Create a Rights Profile for Convenient ...

Updated: November 2020

Trusted Extensions Configuration and Administration

Document Information

Using This Documentation

Part I Initial Configuration of Trusted Extensions

Part II Administration of Trusted Extensions

Chapter 7 Trusted Extensions Administration Concepts

Trusted Extensions and the Oracle Solaris OS

Basic Concepts of Trusted Extensions

Chapter 8 Trusted Extensions Administration Tools

Administration Tools for Trusted Extensions

txzonemgr Script

Command Line Tools in Trusted Extensions

Configuration Files in Trusted Extensions

Chapter 9 About Security Requirements on a Trusted Extensions System

Configurable Security Features

Rules When Changing the Level of Security for Data

Chapter 10 Common Tasks in Trusted Extensions

Performing Common Tasks in Trusted Extensions

Chapter 11 About Users, Rights, and Roles in Trusted Extensions

User Security Features in Trusted Extensions

Administrator Responsibilities for Users

Decisions to Make Before Creating Users in Trusted Extensions

Default User Security Attributes in Trusted Extensions

Configurable User Attributes in Trusted Extensions

Security Attributes That Must Be Assigned to Users

Chapter 12 Managing Users, Rights, and Roles in Trusted Extensions

Customizing the User Environment for Security

Managing Users and Rights

How to Modify a User's Label Range

How to Create a Rights Profile for Convenient Authorizations

How to Restrict a User's Set of Privileges

How to Prevent Account Locking for Users

How to Enable a User to Change the Security Level of Data

How to Delete a User Account From a Trusted Extensions System

Chapter 13 Managing Zones in Trusted Extensions

Zones in Trusted Extensions

Global Zone Processes and Labeled Zones

Primary and Secondary Labeled Zones

Zone Administration Utilities in Trusted Extensions

Chapter 14 Managing and Mounting Files in Trusted Extensions

Mount Possibilities in Trusted Extensions

Trusted Extensions Policies for Mounted File Systems

Results of Sharing and Mounting File Systems in Trusted Extensions

Multilevel Datasets for Relabeling Files

NFS Server and Client Configuration in Trusted Extensions

Trusted Extensions Software and NFS Protocol Versions

Backing Up, Sharing, and Mounting Labeled Files

Chapter 15 Trusted Networking

About the Trusted Network

Network Security Attributes in Trusted Extensions

Trusted Network Fallback Mechanism

About Routing in Trusted Extensions

Administration of Routing in Trusted Extensions

Administration of Labeled IPsec

Chapter 16 Managing Networks in Trusted Extensions

Labeling Hosts and Networks

Configuring Routes and Multilevel Ports

Configuring Labeled IPsec

Troubleshooting the Trusted Network

Chapter 17 About Multilevel Mail in Trusted Extensions

Multilevel Mail Service

Trusted Extensions Mail Features

Chapter 18 Managing Labeled Printing

Labels, Printers, and Printing

Managing Printing in Trusted Extensions

Configuring Labeled Printing

Reducing Printing Restrictions in Trusted Extensions

Chapter 19 Trusted Extensions and Auditing

Auditing in Trusted Extensions

Chapter 20 Software Management in Trusted Extensions

Adding Software to Trusted Extensions

Appendix A Site Security Policy for Trusted Extensions

Appendix B Configuration Checklist for Trusted Extensions

Appendix C Quick Reference to Trusted Extensions Administration

Appendix D List of Trusted Extensions Man Pages

Trusted Extensions Glossary

Language:

How to Create a Rights Profile for Convenient Authorizations

Where site security policy permits, you might want to create a rights profile that contains authorizations for users who can perform tasks that require authorization. To enable every user of a particular system to be authorized, see How to Modify policy.conf Defaults.

Before You Begin

You must be in the Security Administrator role in the global zone.

Create a rights profile that contains one or more of the following authorizations.
For the step-by-step procedure, see How to Create a Rights Profile in Securing Users and Processes in Oracle Solaris 11.4.
- solaris.device.allocate – Authorizes a user to allocate a peripheral device, such as a microphone or CD-ROM.
  By default, Oracle Solaris users can read and write to a CD-ROM. However, in Trusted Extensions, only users who can allocate a device can access the CD-ROM drive. To allocate the drive for use requires authorization. Therefore, to read and write to a CD-ROM in Trusted Extensions, a user needs the Allocate Device authorization.
- solaris.label.file.downgrade – Authorizes a user to lower the security level of a file
- solaris.label.file.upgrade – Authorizes a user to heighten the security level of a file.
- solaris.login.remote – Authorizes a user to remotely log in.
- solaris.print.nobanner - Authorizes a user to print hard copy without a banner page.
- solaris.print.unlabeled – Authorizes a user to print hard copy that does not display labels.
- solaris.system.shutdown – Authorizes a user to shut down the system and to shut down a zone.
Assign the rights profile to a user or a role.
For step-by-step instructions, see Assigning Rights to Users in Securing Users and Processes in Oracle Solaris 11.4.

Copyright © 1992, 2020, Oracle and/or its affiliates.