Some releases ago Solaris introduces a Role Bases Access System (details and introduction here). The upshot of this is that Profiles can be attached to a user account, giving this account elevated privileges for some tasks.
The main administrator account should probably be able to execute all command with root privileges. Linux/BSD systems use sudo
for this, Solaris has pfexec
. From a high level standpoint those two commands serve much the same purpose.
Almost all tutorials about pfexec
will mention the "Primary Administrator" profile, which will give an account the permissions to execute every command as root. The rub is that a (reduced) Solaris install does not contain this profile. Instead, it is hidden in the SUNWwbcor package. It has to be installed separately.
# gkp.pl -d /mnt/Solaris_11/Product SUNWwbcor
[...]
# usermod -P'Primary Administrator' admin
# su - admin
$ id
uid=500(admin) gid=100(users)
$ pfexec id
uid=0(root) gid=0(root)
The admin user can now execute every command as root without needing the root password (or any password, for that matter) simply by prefixing it with pfexec