Users, roles & pfexec (N Minutes)
Description
This demo explains how users, roles and privileges are handled in OpenSolaris.
OpenSolaris Versions Supported
2008.05 or newer.
Points to Hit
- User management in OpenSolaris has some specifics, although it's still based on the /etc/passwd approach.
- Thanks to roles and privileges, the system can be made more secure than with traditional approaches while remaining easy to use.
- You can control exactly what the users can and can't do.
Demo Prep
None.
Gotchas
None known.
Demo
- Show the passwd file by running pfexec cat /etc/passwd. Explain pfexec and how it differs from sudo. No big surprises in the passwd file.
- Show the user_attr file by running pfexec cat /etc/user_attr. Explain roles and privileges.
- Run the Users and Groups application and show the available roles. Explain Primary Administrator, Secondary administrator, MySQL administrator, etc.
- Back to terminal and show where the privileges are specified in /etc/user_attr.
- Switch to root by running su.
- Create a new user by running useradd joe.
- Specify password by running passwd joe.
- Switch to joe by running su joe.
- Now try to switch back to root using su. Explain why it doesn't work.
- Try running pfexec useradd foobar. Explain why it doesn't work.
- Go to Users and Groups and give joe the Secondary administrator privilege.
- Try running pfexec useradd foobar again.
- Now run passwd foobar. Explain why it doesn't work.
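To back up the /etc/user_attr steps above, the following added example (not part of the original demo) parses user_attr(4)-style entries and reports which rights profiles an account lists and whether it is assigned a given role. The sample lines, the account name demo, the treatment of root as a role, and the exact profile string written for joe are constructed assumptions.

```python
# Added example: audit user_attr(4)-style entries. SAMPLE is constructed data.
SAMPLE = """\
# user:qualifier:res1:res2:attr
root::::type=role;auths=solaris.*,solaris.grant;profiles=All
demo::::profiles=Primary Administrator;roles=root
joe::::profiles=Secondary administrator
"""

LIST_KEYS = ("auths", "profiles", "roles")  # comma-separated attributes


def parse_user_attr(text):
    """Return {account: attrs}; accounts default to type 'normal'."""
    db = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)  # the attr field may itself contain ':'
        if len(fields) != 5 or not fields[0]:
            continue  # skip malformed entries instead of guessing
        attrs = {"type": "normal", "auths": [], "profiles": [], "roles": []}
        for pair in fields[4].split(";"):
            key, sep, value = pair.partition("=")
            if not sep:
                continue
            key = key.strip()
            if key in LIST_KEYS:
                attrs[key] = [v.strip() for v in value.split(",") if v.strip()]
            else:
                attrs[key] = value.strip()
        db[fields[0]] = attrs
    return db


def profiles_of(db, user):
    """Rights profiles listed for the user; no entry means none listed here."""
    return db.get(user, {}).get("profiles", [])


def can_assume_role(db, user, role):
    """A role can only be assumed by a user whose roles= attribute lists it."""
    target = db.get(role)
    if target is None or target["type"] != "role":
        return False
    return role in db.get(user, {}).get("roles", [])


if __name__ == "__main__":
    db = parse_user_attr(SAMPLE)
    for name in ("demo", "joe", "foobar"):
        print(name, profiles_of(db, name), can_assume_role(db, name, "root"))
```

Run against a copy of the real file, the same functions give a quick review of who holds administrative profiles before and after the change made in Users and Groups.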
Demo Cleanup
Delete users joe and foobar.