SMF uses authorizations to determine whether or not a person is allowed perform a svcadm action. On my 2008.05 system the auths(1) command shows that the default user has authorizations of solaris.*. This means that the user is authorized to do anything.
For more information on how you can use more specific authorizations to allow specific svcadm activities for a given user, see the man page for smf_security(5) and this question in the SMF FAQ http://opensolaris.org/os/community/smf/faq/#toc15. tom Sean Sprague writes: > Me again :-( > > Again, 2008.05 with snv_90 on top (but same in 2008.05 vanilla (I think)) > > I was dipping my toe into NWAM, and was surprised that the user that I > created during the 2008.05 install process could manipulate NWAM (and > subsequently other) SVC-arbited processes through svcadm without the need for > prefixing commands with pfexec. > > Is this right? I was under the impression that this user could, only through > user_attr assume the role of root; and thus be granted temporary > administrative rights. By svcadm now apparently working without pfexec, I > become confused - where is it defined that this user has some de facto admin > rights, and what determines when you need to use pfexec or not (apart from > ordinary UNIX privileges)? Is it somewhere under /etc/security? I looked > briefly... > > Any pointers gratefully received. Thanks... Sean. > > (BTW: more dumbness to follow shortly...) > -- > > This message posted from opensolaris.org > > _______________________________________________ > indiana-discuss mailing list > [email protected] > http://mail.opensolaris.org/mailman/listinfo/indiana-discuss _______________________________________________ indiana-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/indiana-discuss
