On 08/13/09 00:19, nono wrote:
> Hi,
> I'm a new user of this OS.
> Here is my problem:
> The permissions on special file /dev/ip are "666 root sys".
> I tried to modify this permission with the following command line without
> effect:
> update_drv -m 'ip 0660 root sys' ip
> The modification appears in the minor_perm file but not on the filesystem, even after
> reboot.
> So, I opened the documentation and read that filesystem permissions are not
> sufficient to access this file because it is protected by DAC.
> It's necessary to have the "net_rawaccess" privilege to open /dev/ip.
> So how can I verify which users or roles have this privilege? Is there a command
> to list them all?

'ppriv $$' will list the privileges of the current shell.
'ppriv -l' will list all of them.
'ppriv -lv' will include a better description.

Unfortunately, it is not easy to find out what privileges make up the
'basic' set. It does include proc_fork, proc_exec, proc_session, offhand.

ppriv -D -e <your command> will show you which privilege is missing on
the first authorization failure. You will have to add that permission to
proceed to the next possible failure.

Using the example I posted elsewhere, using Solaris 10:

s...@marlton: 322% cat /var/tmp/t.c
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>     /* close() */

int main(void)
{
    int fd;
    int flags;

    flags = O_RDWR;
    /* /dev/ip is guarded by device policy: open() needs net_rawaccess */
    fd = open("/dev/ip", flags);
    if (fd < 0)
    {
        printf("open failed\n");
    }
    else
    {
        printf("open succeeded with fd: %d\n", fd);
        close(fd);
    }
    return 0;
}
s...@marlton: 323% ppriv -D -e /var/tmp/t
t[23097]: missing privilege "net_rawaccess" (euid = 10789, syscall = 5)
for "devpolicy" needed at spec_open+0xb6
open failed
s...@marlton: 324% grep stw /etc/user_attr
stw::::type=normal;defaultpriv=basic,dtrace_kernel,dtrace_proc,dtrace_user,cpc_cpu,sys_resource
s...@marlton: 314% /var/tmp/t
open succeeded with fd: 3
s...@marlton: 315% grep stw /etc/user_attr
stw::::type=normal;defaultpriv=basic,dtrace_kernel,dtrace_proc,dtrace_user,cpc_cpu,sys_resource,net_rawaccess
Steffen
thanks for your help
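
One way to approach the "list them all" question from the shell, as an added example that is not part of the original posts: it scans user_attr-format lines for accounts whose defaultpriv names a privilege explicitly or through "all". The function name users_with_priv, the sample entries and the left-to-right handling of negated (!priv) tokens are assumptions; privileges granted through rights profiles are not covered.

```shell
#!/bin/sh
# Line format: name:qualifier:res1:res2:key=value;key=value
# users_with_priv is a hypothetical helper, not a Solaris command.
# $1 = privilege name, $2 = user_attr-format file (default: stdin)
users_with_priv() {
    awk -F: -v want="$1" '
        /^#/ || NF < 5 { next }     # skip comments and short lines
        {
            # Re-join field 5 onwards in case an attribute value contains ":"
            attrs = $5
            for (i = 6; i <= NF; i++) attrs = attrs ":" $i
            type = "normal"; privs = ""
            n = split(attrs, kv, ";")
            for (i = 1; i <= n; i++) {
                eq = index(kv[i], "=")
                if (eq == 0) continue
                key = substr(kv[i], 1, eq - 1)
                val = substr(kv[i], eq + 1)
                if (key == "type") type = val
                if (key == "defaultpriv") privs = val
            }
            # Assumption: tokens apply left to right; "!" or "-" removes one
            granted = 0
            m = split(privs, p, ",")
            for (i = 1; i <= m; i++) {
                if (p[i] == want || p[i] == "all") granted = 1
                if (p[i] == ("!" want) || p[i] == ("-" want)) granted = 0
            }
            if (granted) print $1 " (" type ")"
        }' "${2:--}"
}

# Constructed sample data; "stw" mirrors the entry shown in the post.
sample_user_attr() {
    cat <<'EOF'
# constructed sample data
stw::::type=normal;defaultpriv=basic,dtrace_kernel,sys_resource,net_rawaccess
netop::::type=role;defaultpriv=basic,net_rawaccess
alice::::type=normal;defaultpriv=basic,proc_info
bob::::defaultpriv=all,!net_rawaccess
carol::::type=normal;defaultpriv=all
EOF
}

sample_user_attr | users_with_priv net_rawaccess
```

On a live system the call would be `users_with_priv net_rawaccess /etc/user_attr`; for a process that is already running, `ppriv <pid>` shows the sets it actually holds.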