On 27/01/2014 15:22, Stephen S. Jones wrote:
OpenIndiana Community (OpenHoosiers?),
Bugs #4043 and #4067 recently were classified as complete and were closed.
From my perspective and through the most current updates, neither issue is
resolved.
My production hardware was running 151a7 and was updated last August to 151a8
until bugs 4042 and 4067 manifested themselves. I backed out to a Boot
Environment (BE) of 151a8 which did not manifest the bugs. Since I cannot
trust my productive hardware on unreliable updates, I have been testing updates
on a VMWare virtual machine (vm). This vm was installed using
oi-dev-151a8-live-x86.iso on about 20 December and updated using # pkg update
-v.
Still, as in late last August, USB drives can be mounted but not unmounted as me, the only user, logged-in in
gnome. As root with su in the command-line, I can # umount /media/the-USB-drive. Likewise, no trash can
appears on the bottom gnome panel on the Desktop. Neither "Trash" nor "Computer" can be
accessed by their buttons under Places in a File Browser. Also, "Computer" cannot be accessed by
its icon in the Main Toolbar of a File Browser. Other manifestations of the bugs exist including the ability
to use alacarte to create and to edit gui launchers.
As Predrag (wiki.oi on 25 Nov 2013), I am starting to believe that the errors
are being caused by authorizations and privileges of the RBAC system. As Milan
suggested to Gary in comments at the bottom of bug 4067, I checked my RBAC
profiles. Issuing “profiles” reported that I do have “Console User” as well as
“Suspend to RAM”, “Suspend to Disk” “Brightness”, “CPU Power Management”,
“Network Autoconf User”, “Basic Solaris User”, and “All”. Experimenting, I
also assigned to myself the profiles of “Desktop Removable Media User”,
“Primary Administrator”, and “Software Installation”. The additional profiles
had no effect. Issuing “roles” indicates that I have the role of “root”.
I had been a Solaris user and system administrator from Solaris 2.5.1 through
Solaris 10. I have been using OpenIndiana since 151a5. Unbeknownst to me at
the time, RBAC became a regular part of Solaris with version 10. Here with OI
151a9, I am ill prepared to troubleshoot the effects of RBAC on various
programs and operations. I hope that one of us OpenHoosiers with experience in
RBAC can pursue bugs 4043 and 4067 again with the hypothesis that RBAC is the
cause and solution.
Thanks
I'm writing this mail on an oi151a9 Desktop (completely unprivileged)
and can unmount my devices (I couldn't on a8).
Check your /etc/security/exec_attr, the basic solaris user should have:
Basic Solaris User:solaris:cmd:::/usr/bin/cdda2wav.bin:privs=file_dac_read,sys_devices,proc_priocntl,net_privaddr
Basic Solaris User:solaris:cmd:::/usr/bin/cdrecord.bin:privs=file_dac_read,sys_devices,proc_lock_memory,proc_priocntl,net_privaddr
Basic Solaris User:solaris:cmd:::/usr/bin/readcd.bin:privs=file_dac_read,sys_devices,net_privaddr
Basic Solaris User:suser:cmd:::/usr/lib/ospm/lp-queue-helper:replaced by Desktop Print Management
/etc/security/policy.conf should have:
AUTHS_GRANTED=solaris.device.cdrw
PROFS_GRANTED=Basic Solaris User
CONSOLE_USER=Console User
and /etc/logindevperm should read:
/dev/vt/console_user 0600 /dev/mouse:/dev/kbd
/dev/vt/console_user 0600 /dev/mouse:/dev/kbd
/dev/vt/console_user 0600 /dev/sound/* # audio devices
/dev/vt/console_user 0600 /dev/fbs/* # frame buffers
/dev/vt/console_user 0600 /dev/dri/* # dri devices
/dev/vt/console_user 0400 /dev/removable-media/dsk/* # removable media
/dev/vt/console_user 0400 /dev/removable-media/rdsk/* # removable media
/dev/vt/console_user 0400 /dev/hotpluggable/dsk/* # hotpluggable storage
/dev/vt/console_user 0400 /dev/hotpluggable/rdsk/* # hotpluggable storage
/dev/vt/console_user 0600 /dev/video[0-9]+ # video devices
/dev/vt/console_user 0600 /dev/usb/hid[0-9]+ # hid devices should have the same permission with conskbd and consms
/dev/vt/console_user 0600 /dev/usb/[0-9a-f]+[.][0-9a-f]+/[0-9]+/* driver=scsa2usb,usb_mid,usbprn,ugen #libusb/ugen devices
/dev/vt/console_user 0620 /dev/console # workaround for defect.opensolaris.org 12133
--
Dr.Udo Grabowski Inst.f.Meteorology a.Climate Research IMK-ASF-SAT
www.imk-asf.kit.edu/english/sat.php
KIT - Karlsruhe Institute of Technology http://www.kit.edu
Postfach 3640,76021 Karlsruhe,Germany T:(+49)721 608-26026 F:-926026
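
One way to run the check described in the reply above against copies of the files, as an added example that is not part of the original mail or of OpenIndiana. The function names and sample files are constructed here; the script covers only policy.conf and the storage lines of logindevperm, and assumes each policy.conf value may be a comma-separated list.

```shell
# Added example; expected values are the ones quoted in the reply above.
# Print the value of KEY ($2) from a policy.conf-style FILE ($1).
policy_value() {
    awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { print v }' "$1"
}
# Succeed if WANT ($3) is one of the comma-separated items of KEY in FILE.
policy_has() {
    case ",$(policy_value "$1" "$2")," in *",$3,"*) return 0 ;; *) return 1 ;; esac
}
# Report every policy.conf key that lacks the expected value.
check_policy() {
    rc=0
    while IFS='=' read -r key want; do
        policy_has "$1" "$key" "$want" || { echo "policy.conf: $key lacks '$want'"; rc=1; }
    done <<'EOF'
AUTHS_GRANTED=solaris.device.cdrw
PROFS_GRANTED=Basic Solaris User
CONSOLE_USER=Console User
EOF
    return $rc
}
# Succeed if FILE ($1) gives /dev/vt/console_user MODE ($2) on pattern DEV ($3).
perm_has() {
    awk -v m="$2" -v d="$3" '/^#/ { next }
        $1 == "/dev/vt/console_user" && $2 "" == m "" && $3 == d { ok = 1 }
        END { exit !ok }' "$1"
}
# Report each removable or hotpluggable storage pattern without a 0400 entry.
check_logindevperm() {
    rc=0
    for dev in '/dev/removable-media/dsk/*' '/dev/removable-media/rdsk/*' \
               '/dev/hotpluggable/dsk/*' '/dev/hotpluggable/rdsk/*'; do
        perm_has "$1" 0400 "$dev" || { echo "logindevperm: no 0400 entry for $dev"; rc=1; }
    done
    return $rc
}
# Constructed sample copies (not from a real system): AUTHS_GRANTED is
# commented out and the hotpluggable rdsk line is missing.
demo=$(mktemp -d)
printf '%s\n' '#AUTHS_GRANTED=solaris.device.cdrw' 'PROFS_GRANTED=Basic Solaris User' \
    'CONSOLE_USER=Console User' > "$demo/policy.conf"
printf '/dev/vt/console_user 0400 %s\n' '/dev/removable-media/dsk/*' \
    '/dev/removable-media/rdsk/*' '/dev/hotpluggable/dsk/*' > "$demo/logindevperm"
check_policy "$demo/policy.conf" || echo "policy.conf differs from the reply"
check_logindevperm "$demo/logindevperm" || echo "logindevperm differs from the reply"
```

On a live system, pass /etc/security/policy.conf and /etc/logindevperm to the two check functions instead of the sample copies.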