Laca,
>This doesn't sound like the right fix to me, more like a quick
>workaround.
>
>
Sure, it's a workaround.
>I think system tools should know the right order of profiles
>and/or allow the admin to change the order in the GUI.
>
>
>
I totally agree with you that system tools should deal with the order of
profiles, which is sensitive for pfexec. But it needs more effort and
some changes to the GUI. The GUI may have two columns which show system profiles
and the user's profiles respectively, and some buttons, for instance "add",
"remove", "up" and "down", which deal with profiles and their order.
Any suggestions? Should I add comments and something else for a workaround?
Thanks
Jim
>Laca
>
>On Thu, 2008-03-06 at 21:33 +0800, Jim Li wrote:
>
>
>>All,
>>
>>When adding some profiles for a user, Users & Groups also adds the system
>>default profiles to the user's profile list in alphabetical order, which causes
>>the "Basic Solaris User" and "All" profiles to come before other profiles,
>>for instance "Primary Administrator", in which case pfexec doesn't work in
>>the right way.
>>
>>So just remove the system default profiles from the user's profile list.
>>
>>Thanks
>>
>>Jim
>>plain text document attachment (buffix263)
>>--- system-tools-backends-1.4.2.pre-fix/users-conf.in Thu Mar 6 18:41:21 2008
>>+++ system-tools-backends-1.4.2/users-conf.in Thu Mar 6 18:45:07 2008
>>@@ -248,6 +248,27 @@
>> $$hash{"rbacdb"} = \%rbac;
>> }
>>
>>+sub read_rbac_default_profiles
>>+{
>>+ return unless ( $gst_dist =~ /^solaris/ );
>>+
>>+ my ($buffer, $line, $dummy, @def_prof, $def_prof_ref);
>>+ $buffer = &gst_file_buffer_load("/etc/security/policy.conf");
>>+ foreach $line ( @$buffer ) {
>>+ chomp $line;
>>+ if ( $line =~ /^PROFS_GRANTED=/ )
>>+ {
>>+ ($dummy, $def_line) = split(/=/, $line, 2);
>>+ @def_prof = split (/,/, $def_line);
>>+ foreach ( @def_prof ) {
>>+ $def_prof_ref->{$_} = 1;
>>+ }
>>+ return $def_prof_ref;
>>+ }
>>+ next;
>>+ }
>>+}
>>+
>> sub get_login_defs_prop_array
>> {
>> my @prop_array;
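Review bot: $def_line is assigned in the split(/=/, $line, 2) line of read_rbac_default_profiles but is missing from the my (...) list at the top of the sub, so it becomes a package global; add it to the declaration. The sub also returns nothing when no PROFS_GRANTED= line is matched, and the names produced by split (/,/, $def_line) are used as hash keys without trimming, so a value written with spaces after the commas would not match the user's profile names. Return an empty hash reference on the fall-through path, strip surrounding whitespace from each name, drop the redundant trailing next;, and add a comment stating that this is a workaround for the profile-ordering problem.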
>>@@ -1123,7 +1144,9 @@
>> push( @profiles, @$new_user_profiles );
>> if ( $#profiles >= 0 ) {
>> my $profiles_str = "";
>>+ my $def_profiles = read_rbac_default_profiles();
>> foreach ( @profiles ) {
>>+ next if ( exists ($def_profiles->{$_}) );
>> $profiles_str .= ',' unless ( $profiles_str eq "" );
>> $profiles_str .= $_;
>> }
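Review bot: the next if ( exists ($def_profiles->{$_}) ) filter sits inside the if ( $#profiles >= 0 ) branch, so the guard is evaluated before any default profile is removed, and a list made up only of default profiles leaves $profiles_str empty inside the branch. Entries that came in through push( @profiles, @$new_user_profiles ) are dropped as well when their name is in PROFS_GRANTED. Filter @profiles first (for example with grep) and then test whether anything is left, and decide whether profiles supplied for the user should be exempt from the filter.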
>>@@ -1224,7 +1247,9 @@
>> }
>> if ( $#profiles >= 0 ) {
>> my $profiles_str = "";
>>+ my $def_profiles = read_rbac_default_profiles();
>> foreach ( @profiles ) {
>>+ next if ( exists ($def_profiles->{$_}) );
>> $profiles_str .= ',' unless ( $profiles_str eq "" );
>> $profiles_str .= $_;
>> }
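Review bot: this loop repeats the filter from the previous hunk line for line, and each site calls read_rbac_default_profiles(), which runs gst_file_buffer_load on /etc/security/policy.conf again. Move the filter-and-join into one helper used by both call sites so the two copies cannot drift apart, and read the default profile list once. The empty-string case noted for the previous hunk applies here too.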
>>
>>
>
>
>