Discussion:
roles can only be assumed by authorized users
Duyen Dao
2008-09-12 01:46:03 UTC
Permalink
I has just installed open solaris 2008.05 -
after installed, I cannot login as root. when i login , i receives the message. " roles can be assumed by authorized users". How do I login as root directly ? . Secondly, when I su to root, I cannot run firefox. the error is unable to get display ....
Is there ways to have root login ? Thanks. - daoduyen
--
This message posted from opensolaris.org
Gregg Sporar
2008-09-12 02:28:10 UTC
Permalink
By default, the OpenSolaris 2008.05 installer creates the userid that
you specify and does *not* create a root userid. Instead, as the error
message indicates, root is a role. This is because OpenSolaris uses
Role Based Access Control (RBAC).

Note that the installer does assign the root role to the userid that you
specified during installation. So if you login with that userid you can
then use su to assume the root role (uid=0).

See http://dlc.sun.com/osol/docs/content/IPS/login.html for more
information. In particular, it includes the command that you would use
to change root from a role to a normal user:

# rolemod -K type=normal root

HTH,
Gregg
Post by Duyen Dao
I has just installed open solaris 2008.05 -
after installed, I cannot login as root. when i login , i receives the message. " roles can be assumed by authorized users". How do I login as root directly ? . Secondly, when I su to root, I cannot run firefox. the error is unable to get display ....
Is there ways to have root login ? Thanks. - daoduyen
--
This message posted from opensolaris.org
_______________________________________________
opensolaris-help mailing list
Duyen Dao
2008-09-12 13:58:52 UTC
Permalink
Thanks, I will try it tonight.
Cheers,
--
This message posted from opensolaris.org
Chris Quenelle
2008-11-05 18:03:01 UTC
Permalink
Is there any way to authorize the "root" role for my NIS login account
without needing permissions to manage the NIS inforamtion?

Can I perform a local modification that grants rights to NIS account?

I would like to leave RBAC enabled, but I need to login using
my NIS account and have the ability to use the root role.
--
This message posted from opensolaris.org
David Powell
2008-11-05 21:15:41 UTC
Permalink
Post by Chris Quenelle
Is there any way to authorize the "root" role for my NIS login account
without needing permissions to manage the NIS inforamtion?
Can I perform a local modification that grants rights to NIS account?
I would like to leave RBAC enabled, but I need to login using
my NIS account and have the ability to use the root role.
I have successfully added attributes locally to /etc/user_attr and
have had them apply to my NIS account.

I also specify "files nis" for all sources in nsswitch.conf; I don't
know if that is necessary for the above to work or not.

Dave
Chris Quenelle
2008-11-05 21:17:17 UTC
Permalink
From reading the docs, it sounded like this wouldn't work, but I tried
it anyway, and it works fine. It would be nice if the docs were
a little more explicit about this specific scenario since it's likely
to be common.

--chris
Post by Chris Quenelle
Is there any way to authorize the "root" role for my NIS login account
without needing permissions to manage the NIS inforamtion?
Can I perform a local modification that grants rights to NIS account?
I would like to leave RBAC enabled, but I need to login using my NIS
account and have the ability to use the root role.
I have successfully added attributes locally to /etc/user_attr and
have had them apply to my NIS account.
I also specify "files nis" for all sources in nsswitch.conf; I don't
know if that is necessary for the above to work or not.
Dave
Loading...