SunScreen 3.1 Installation Guide

Overview

On a Trusted Solaris system, every user is assigned a set of profiles that list the operations the user can perform and the privileges with which each operation runs. For example, for a user to run a command (with certain privileges), that command must be present in one of the user's profiles. Therefore, to install and run SunScreen on a Trusted Solaris system, a SunScreen profile and a SunScreen Admin profile should be created. The ASCII format of the profile can be found in:

These files should be appended to the Trusted Solaris system profile (/etc/security/tsol/tsolprof) by the system administrator before installing SunScreen. Please refer to "To Edit the System Profile."

In Trusted Solaris, every process has privileges associated with it (called effective privileges). These effective privileges fall into the following categories:

A Trusted Solaris file also has a set of privileges called the allowed privileges. When a Trusted Solaris user executes a file (to create a process), the resulting process's effective privileges are the intersection of the file's allowed privileges and the user's privileges defined in the user's profile.

Therefore, all SunScreen executable files should have their allowed privileges set to all. This action is performed by two shell scripts:

If you use the SunScreen Installation program, these scripts are automatically called (see the following installation instructions).
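
The privilege rule described in this overview, as an added example in Python that is not part of the original guide or SunScreen's own code. It is a simplified model that follows the guide's description; the executable path, profile contents and privilege names are constructed samples, and a file with no allowed set recorded is assumed to have an empty one.

```python
# Added illustration: simplified model of the rule described in this overview.
# Privilege names, paths and profile contents are constructed samples.
ALL = "all"  # allowed set that contains every privilege


def effective_privileges(command, profile, allowed_sets):
    """Privileges of the process created when the user executes `command`.

    profile      -- dict: command path -> privileges the user's profiles grant
    allowed_sets -- dict: file path -> allowed privileges (a set, or ALL)
    """
    if command not in profile:
        # The command is in none of the user's profiles, so it cannot be run.
        raise PermissionError(f"{command} is not in the user's profiles")
    granted = set(profile[command])
    # Model assumption: a file with no entry has an empty allowed set.
    allowed = allowed_sets.get(command, set())
    return granted if allowed == ALL else granted & allowed


def blocked_privileges(command, profile, allowed_sets):
    """Privileges the profile grants but the file's allowed set strips."""
    return set(profile[command]) - effective_privileges(
        command, profile, allowed_sets)


# Constructed sample profile entry for a hypothetical executable.
SAMPLE_PROFILE = {
    "/opt/example/bin/screend": {"net_privaddr", "sys_net_config"},
}

if __name__ == "__main__":
    cmd = "/opt/example/bin/screend"
    for label, allowed in [("allowed = all", {cmd: ALL}),
                           ("allowed = {net_privaddr}", {cmd: {"net_privaddr"}}),
                           ("allowed unset", {})]:
        eff = effective_privileges(cmd, SAMPLE_PROFILE, allowed)
        lost = blocked_privileges(cmd, SAMPLE_PROFILE, allowed)
        print(f"{label}: effective={sorted(eff)} blocked={sorted(lost)}")
```

With the allowed set at all, the profile alone decides what the process receives, so any privilege a SunScreen executable lacks at run time points to the profile entry rather than the file.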