Darren J Moffat wrote:
> Alan Coopersmith wrote:
>> scanpci continues to require extra privileges to run. The exec_attr
>> RBAC entry to grant these privileges to users with the "Desktop
>> Configuration" role will be updated to add the new scanpci path.
> ^^^^ profile not role, roles are user ids.
>
> The name of a new profile is an exported interface.
>
> What does the entry for scanpci in this exec_attr(4) profile look like ?
> Is it running it as euid=0 with all privs or something less ?
This is not a new profile, this is just duplicating the entry added for
scanpci by the TCR for PSARC 2004/187 that's already in exec_attr to have
the new path (leaving the old path so that pfexec of either path works).
That entry is:
Desktop Configuration:solaris:cmd:::/usr/X11/bin/scanpci:euid=0;privs=sys_config
So this case will add:
Desktop Configuration:solaris:cmd:::/usr/bin/scanpci:euid=0;privs=sys_config
--
-Alan Coopersmith- alan.coopersmith at sun.com
Sun Microsystems, Inc. - X Window System Engineering
