Hi Dennis,
That sounds like a package was installed (maybe cluster related) that overwrote
the default /etc/security/{user,prof}_attr.
SVR4 packages usually include a version of files like these that only contains
the definitions they want to add or modify (hence the reason I think this is
related to cluster installation). These are usually then merged into the
existing file using action scripts like :
/usr/sadm/install/scripts/i.rbac
the entries in the pkgmap would usually read something like:
1 e rbac etc/security/prof_attr 0644 root sys ...
if it doesn't contain the rbac element of the above line, it will most likely
just replace the existing one.
IPS doesn't use these action scripts, and AFAIK such files are merged before
being pushed into the repository, if you then install something from another
repo, it's possible that it will simply over-write this file, causing the effect
that you see.
Can you provide more information about what you may have installed recently
which could help you track down when this happened.
HTH,
Darren.
On 11/19/09 05:05 AM, dennis mathews wrote:
> Has anyone come across their RBAC files ( 200906 - 111b ) being reduced from
> around 60-odd entries to less than 5 ? Are these files auto-generated now by
> any chance ?
>
> Below is the full contents of the files. Incidentally exec_attr still has all
> it's contents. I know this because I've got the fresh installs bootenv.
>
> $ cat /etc/security/auth_attr
> solaris.cluster.admin:::Manage Quorum Server Daemons::
> solaris.cluster.read:::Print Quorum Server Configuration::
> solaris.smf.manage.zfs-auto-snapshot:::Manage the ZFS Automatic Snapshot
> Service::
>
> $ cat /etc/security/prof_attr
> Basic Solaris User::::auths=solaris.cluster.read
> Quorum Server Management::::auths=solaris.cluster.admin
>
> Looks very strange. I can't run pfexec anymore
>
> pfexec /usr/bin/cat /etc/shadow
> /usr/bin/cat: can't get execution attributes
>
> $profiles
> Primary Administrator
> Console User
> Basic Solaris User
> .. but none of these profiles have any entries in /etc/security/prof_attr
>
> $auths
> solaris.device.cdrw,solaris.cluster.read
>
> auths on the fresh install was solaris.*
>
> I have never tried directly editing these files nor have I changed any
> default profiles, or RBAC settings, so I'm confused how this might have
> happened. Could an update has caused this ?
>
> Possibly related to this is that my shutdown option from the menu has
> dissappeared.
