Peter Tribble wrote: > On Thu, 2006-06-01 at 09:58, Darren J Moffat wrote: >> Peter Tribble wrote: >>> Hi, >>> >>>> I am proposing a new project to modify the Solaris packaging and patching >>>> utilities (pkgadd, patchadd, etc) to enable them to be used by ordinary >>>> users with no special privileges. A summary of the project is below. >>>> I'd like some feedback from the community on this project. The technical >>>> stuff is admittedly high-level but I think you will get the general idea. >>> As I see it, allowing users to use pkg*/patch* can take 3 forms: >>> >>> 1. Non-root users can manipulate the system packages. (Can be done >>> today with privileges, supposedly. Didn't for me when I tried it.) >> Exactly what did you try ? >> >> The way to do this is give the user the "Software Installation" RBAC >> profile eg: >> >> # usermod -P"Software Installation" petert >> >> petert$ pfexec pkgadd -d CSWfoo.pkg >> >> Is that what you tried ? If so how did it fail ? > > Almost. I was trying to apply patches rather than > packages. > > Yes, pkgadd amd pkgrm work (at least for the one or > two tests that I tried). But patches: > > touch: /var/sadm/patch/.patchaddLock cannot create > chmod: WARNING: can't access /var/sadm/patch/.patchaddLock > /usr/lib/patch/patchadd[27]: /var/sadm/patch/.patchaddLock: cannot > create > You must be root to execute this script. >
This is a bug, 6295283. Dave
