Trusted CDE Actions

The following tables list the CDE actions that roles in Trusted Extensions can run. These trusted CDE actions are available from the Trusted_Extensions folder. The Trusted_Extensions folder is available from the Application Manager folder on the CDE desktop.

Table 8-2 Administrative Actions in Trusted CDE, Their Purpose, and Associated Rights Profiles

Action Name	Purpose of Action	Default Rights Profile
`Add Allocatable Device`	Creates devices by adding entries to device databases. See `add_allocatable`(1M).	Device Security
`Admin Editor`	Edits the specified file. See How to Edit Administrative Files in Trusted Extensions.	Object Access Management
`Audit Classes`	Edits the `audit_class` file. See `audit_class`(4).	Audit Control
`Audit Control`	Edits the `audit_control` file. See `audit_control`(4).	Audit Control
`Audit Events`	Edits the `audit_event` file. See `audit_event`(4).	Audit Control
`Audit Startup`	Edits the `audit_startup.sh` script. See `audit_startup`(1M).	Audit Control
`Check Encodings`	Runs the `chk_encodings` command on specified encodings file. See `chk_encodings`(1M).	Object Label Management
`Check TN Files`	Runs the `tnchkdb` command on `tnrhdb`, `tnrhtp`, and `tnzonecfg` databases. See `tnchkdb`(1M).	Network Management
`Configure Selection Confirmation`	Edits `/usr/dt/config/sel_config` file. See `sel_config`(4).	Object Label Management
`Create LDAP Client`	Makes the global zone an LDAP client of an existing LDAP directory service.	Information Security
`Edit Encodings`	Edits the specified `label_encodings` file and runs the `chk_encodings` command. See `chk_encodings`(1M).	Object Label Management
`Name Service Switch`	Edits the `nsswitch.conf` file. See `nsswitch.conf`(4).	Network Management
`Set DNS Servers`	Edits the `resolv.conf` file. See `resolv.conf`(4).	Network Management
`Set Daily Message`	Edits the `/etc/motd` file. At login, the contents of this file display in the Last Login dialog box.	Network Management
`Set Default Routes`	Specifies default static routes.	Network Management
`Share Filesystem`	Edits the `dfstab` file. Does not run the `share` command. See `dfstab`(4).	File System Management

The following actions are used by the initial setup team during zone creation. Some of these actions can be used for maintenance and troubleshooting.

Table 8-3 Installation Actions in Trusted CDE, Their Purpose, and Associated Rights Profiles

Action Name	Purpose of Action	Default Rights Profile
`Clone Zone`	Creates a labeled zone from a ZFS snapshot of an existing zone.	Zone Management
`Copy Zone`	Creates a labeled zone from an existing zone.	Zone Management
`Configure Zone`	Associates a label with a zone name.	Zone Management
`Initialize Zone for LDAP`	Initializes the zone for booting as an LDAP client.	Zone Management
`Install Zone`	Installs the system files that a labeled zone requires.	Zone Management
`Restart Zone`	Restarts a zone that has already been booted.	Zone Management
`Share Logical Interface`	Sets up one interface for the global zone and a separate interface for the labeled zones to share.	Network Management
`Share Physical Interface`	Sets up one interface that is shared by the global zone and the labeled zones.	Network Management
`Shut Down Zone`	Shuts down an installed zone.	Zone Management
`Start Zone`	Boots an installed zone and starts the services for that zone.	Zone Management
`Zone Terminal Console`	Opens a console to view processes in an installed zone.	Zone Management