On Thu, Oct 8, 2009 at 11:59 AM, David Abrahams <[email protected]> wrote:
>
> I'm trying to set up a daemon to do periodic backups, but I'm getting
> tangled up in RBAC (among other things). The daemon needs a home
> directory, so I created a user for it. I tried to set it up with
> appropriate roles, but it appears even the 'Media Backup' role cannot
> read all files regardless of permission, as root can. So I gave my
> daemon's user 'file_dac_read' privileges:
>
>   usermod -K 'default_privileges=file_dac_read' mydaemon

I think you need:

  usermod -K defaultpriv=basic,file_dac_read mydaemon

Otherwise it has only file_dac_read and not others (such as the
ability to execute programs).

>
> Its shell is set to /bin/false, but I could
>
>   sudo -H -s -u mydaemon
>
> and execute commands. Now, all of a sudden, I get
>
>   sudo: unable to execute /bin/bash: Not owner
>
> Why does it mention bash? That's my current shell, I suppose.
>
> Naturally su doesn't work either. If I change mydaemon's shell to
> /bin/bash it doesn't help; I get the same error.
>
> I'm sure I'm going to run into problems getting this daemon into the svc
> system as well, just because I'm so inexperienced. I have the strong
> feeling someone has done this before me, the right way, and I can just
> follow in his/her footsteps. Can anyone offer me some guidance?
>
> Thanks.
>
> --
> Dave Abrahams           Meet me at BoostCon: http://www.boostcon.com
> BoostPro Computing
> http://www.boostpro.com

--
Mike Gerdts
http://mgerdts.blogspot.com/
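
Added example, not part of the original thread: a shell check that reads user_attr(4)-style entries and reports accounts whose `defaultpriv` lists neither `basic` nor `all`, which is the condition the reply above describes, then prints the corrected `usermod` line for each. The function names and sample entries are constructed for illustration, and the check assumes plain comma-separated privilege lists (no `!` negation, no continuation lines).

```shell
#!/bin/sh
# Constructed sample in user_attr(4) layout: user:qualifier:res1:res2:attr
SAMPLE_USER_ATTR='# constructed entries, not from a real system
root::::auths=solaris.*;profiles=All
mydaemon::::defaultpriv=file_dac_read
backupd::::type=normal;defaultpriv=basic,file_dac_read
webd::::defaultpriv=basic,net_privaddr'

# Hypothetical helper: read user_attr lines on stdin and print
# "user<TAB>privs" for every entry whose defaultpriv names neither
# "basic" nor "all" (such an account cannot exec or fork).
find_missing_basic() {
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac      # skip blanks and comments
        user=${line%%:*}
        attrs=$line
        for i in 1 2 3 4; do attrs=${attrs#*:}; done  # drop the first four fields
        case ";$attrs" in *";defaultpriv="*) ;; *) continue ;; esac
        privs=";$attrs"
        privs=${privs#*";defaultpriv="}               # text after the key
        privs=${privs%%;*}                            # up to the next attribute
        case ",$privs," in
            *,basic,*|*,all,*) ;;                     # basic set is present
            *) printf '%s\t%s\n' "$user" "$privs" ;;
        esac
    done
}

# Hypothetical helper: turn each finding into the usermod form used in
# the reply above, keeping the extra privileges and adding "basic".
suggest_fix() {
    find_missing_basic | while IFS="$(printf '\t')" read -r user privs; do
        printf 'usermod -K defaultpriv=basic,%s %s\n' "$privs" "$user"
    done
}

# Demo on the constructed sample; on a Solaris host feed /etc/user_attr instead.
printf '%s\n' "$SAMPLE_USER_ATTR" | suggest_fix
```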
