Changing the Solaris Management Console Window
The layout of the console window is highly configurable. You can use the following features to change the console window layout:
View menu - Use the Show option in the View menu to hide or display the optional bars and panes. The other options in the View menu control the display of nodes in the view pane.
Console menu - Use the Preferences option to set the following: the initial toolbox, the orientation of panes, clicking or double-clicking for selection, text and/or icons in the tool bar, fonts, default tool loading, authentication prompts, and advanced logins.
Context Help/Console Events toggles - Use icons at the bottom of the information pane to toggle between the display of context-sensitive help and console events.
Solaris Management Console Documentation
The main source of documentation for using the console and its tools is the online help system. There are two forms of online help: context-sensitive help and expanded help topics.
Context-sensitive help responds to your use of the console tools.
Clicking the cursor on tabs, entry fields, radio buttons, and so forth, causes the appropriate help to appear in the Information pane. You can close, or reopen the Information pane by clicking the question mark button on dialog boxes and wizards.
Expanded help topics are available from the Help menu or by clicking cross reference links in some context-sensitive help.
These topics appear in a separate viewer and contain more in-depth information than is provided by the context help. Topics include overviews of each tool, explanations of how each tool works, files used by a specific tool, and troubleshooting.
For a brief overview of each tool, refer to Table 2-1.
How Much Role-Based Access Control?
As described in "Why Use the Solaris Management Console?", a major advantage of using the Solaris management tools is the ability to use Role-Based Access Control (RBAC). RBAC provides administrators with access to just the tools and commands they need to perform their jobs.
Depending on your security needs, you can use varying degrees of RBAC, as follows:
RBAC Approach | Description | For More Information |
|---|---|---|
No RBAC | Allows you to perform all tasks as superuser. You can log in as yourself. When you select a Solaris management tool, you enter root as the user and the root password. | |
Root as a Role | Eliminates anonymous root logins and prevents users from logging in as root. This approach requires users to log in as themselves before they assume the root role. Note that you can apply this technique whether or not you are using other roles. | "Making Root a Role" in System Administration Guide: Security Services |
Single Role Only | Uses the Primary Administrator role, which is roughly equivalent to having root access only. | |
Suggested Roles | Uses three roles that are easily configured: Primary Administrator, System Administrator, and Operator. These roles are appropriate for organizations with administrators at different levels of responsibility whose job capabilities roughly fit the suggested roles. | "Role-Based Access Control (Overview)" in System Administration Guide: Security Services |
Custom Roles | You can add your own roles, depending on your organization's security needs. | "Planning for RBAC" in System Administration Guide: Security Services |
Becoming Superuser (root) or Assuming a Role
Most administration tasks (such as adding users, file systems, or printers) require that you first log in as root (UID=0) or assume a role if you are using RBAC. The root account, also known as the superuser account, is used to make system changes and can override user file protection in emergency situations.
The superuser account and roles should be used only to perform administrative tasks to prevent indiscriminate changes to the system. The security problem associated with the superuser account is that a user has complete access to the system even when performing minor tasks.
In a non-RBAC environment, you can either log into the system as superuser or use the su command to change to the superuser account. If RBAC is implemented, you can assume roles through the console or use su and specify a role.
When you use the console to perform administration tasks, you can do one of the following:
Log into the console as yourself and then supply the root user name and password.
Log into the console as yourself and then assume a role.
A major benefit of RBAC is that roles can be created to give limited access to specific functions only. If you are using RBAC, you can run restricted applications by assuming a role rather than becoming superuser.
For step-by-step instructions on creating the Primary Administrator role, see "How to Create the First Role (Primary Administrator)". For an overview on configuring RBAC to use roles, see "Configuring RBAC (Task Map)" in System Administration Guide: Security Services.
How to Become Superuser (root) or Assume a Role
Become superuser or assume a role by using one of the following methods. Each method requires that you know either the superuser password or the role password.
Select one of the following to become superuser.
Log in as a user, start the Solaris Management Console, select a Solaris management tool, and then log in as root.
This method enables to you perform any management task from the console.
For information on starting the Solaris Management Console, see "How to Start the Solaris Management Console in a Name Service Environment".
Log in as superuser on the system console.
hostname console: root Password: root-password #
The pound sign (#) is the Bourne shell prompt for the superuser account.
This method provides complete access to all system commands and tools.
Log in as a user, and then change to the superuser account by using the su command at the command line.
% su Password: root-password #
This method provides complete access to all system commands and tools.
Log in remotely as superuser. This method is not enabled by default. You must modify the /etc/default/login file to remotely log in as superuser on the system console. For information on modifying this file, see "Securing Systems (Tasks)" in System Administration Guide: Security Services.
This method provides complete access to all system commands and tools.
Select one of the following to assume a role.
Log in as user, and then change to a role by using the su command at the command line.
% su role Password: role-password $
This method provides access to all the commands and tools the role has access to.
Log in as a user, start the Solaris Management Console, select a Solaris management tool, and then assume a role.
For information on starting the Solaris Management Console, see "How to Start the Console as Superuser or as a Role".
This method provides access to the Solaris management tools that the role has access to.