[ Contents ] [ Index ]

Solaris - Creating Users and Passwords

Administrator (User) Security Levels and Guidelines

If you are running the SANscape application within a system using the Solaris operating environment, administrator security levels are automatically created during the installation process. You only need to set passwords and assign users according to the desired permission level.

SANscape administrative functions require access logins and passwords to prevent the possibility of one administrator reallocating or removing storage resources belonging to other clients and hosts without authorization.

You assign separate passwords for the three levels of security for the SANscape program. You do this by setting up three users on the agents that have storage devices that are managed by SANscape. These three users are automatically added during the installation of the SANscape Agent.

The SANscape security levels must have these exact names:

ssmon

Represents the monitoring level of the software.

ssadmin

Represents the administration level of the software and provides access to the Rebuild, Parity Check, and Schedule Parity Check functions, as well as monitoring.

ssconfig

Represents the configuration level of the software and gives the installer direct access to the configuration functions and all other related aspects of the program.

These names are required for the three security levels. After installation, you must assign a password to each security name.

ssmon, ssadmin, and ssconfig are logins that correspond only to security levels within SANscape. For UNIX operating environments, the default shell for these accounts is assigned to /bin/false to prevent the user IDs from being used for interactive logins.

SANscape can be set up so that monitoring does not require users to provide the ssmon password. This is accomplished by selecting the Auto Discovery option when the servers are added to the Managed Servers List at the SANscape Console. You can set up these three logins and passwords locally on each server. (The accounts can have different passwords on each server, if desired.)

Once you have set up these three logins on the agents to be managed, the system administrator typically provides user access to SANscape by assigning employees appropriate passwords, which are based on the level of security required to complete tasks. For example, everyone who has administration privileges on a particular server would be assigned the same password that was established for the user ssadmin.

NOTE: To add servers to the Managed Servers List, refer to Adding a Server.

Creating Passwords and Permissions

  1. To create a password for each of the new users, type

    passwd <user-name>

  2. Administrators might also want to change group permissions, which are defined in the svrlist.dat file, located in the /opt/dothill/ssconsole directory during installation.
  3. The SANscape Console is a Java-based utility, and as such, cannot provide facilities to control permissions or ownership of files that SANscape creates. The srvlist.dat file is easily readable by various forms of ASCII text processors. It contains the encrypted password for the user ssmon and can be decrypted.
  4. NOTE: Do not change the permissions and group ownership of svrlist.dat after adding all agents that are being monitored.

[ Contents ] [ Index ]