On Thu, 2006-06-01 at 09:58, Darren J Moffat wrote: > Peter Tribble wrote: > > Hi, > > > >> I am proposing a new project to modify the Solaris packaging and patching > >> utilities (pkgadd, patchadd, etc) to enable them to be used by ordinary > >> users with no special privileges. A summary of the project is below. > >> I'd like some feedback from the community on this project. The technical > >> stuff is admittedly high-level but I think you will get the general idea. > > > > As I see it, allowing users to use pkg*/patch* can take 3 forms: > > > > 1. Non-root users can manipulate the system packages. (Can be done > > today with privileges, supposedly. Didn't for me when I tried it.) > > Exactly what did you try ? > > The way to do this is give the user the "Software Installation" RBAC > profile eg: > > # usermod -P"Software Installation" petert > > petert$ pfexec pkgadd -d CSWfoo.pkg > > Is that what you tried ? If so how did it fail ?
Almost. I was trying to apply patches rather than packages. Yes, pkgadd amd pkgrm work (at least for the one or two tests that I tried). But patches: touch: /var/sadm/patch/.patchaddLock cannot create chmod: WARNING: can't access /var/sadm/patch/.patchaddLock /usr/lib/patch/patchadd[27]: /var/sadm/patch/.patchaddLock: cannot create You must be root to execute this script. Patchadd is terminating. I also had failures when I had zones installed. Something about another user using the system. It was a good excuse to clean the machine up. -- -Peter Tribble L.I.S., University of Hertfordshire - http://www.herts.ac.uk/ http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/
