>If it's not setuid, then it won't gain any privileges just because you
>define these authorizations. You would want to include the command in an
>RBAC profile so that users who have the profile can run it with the
>necessary privileges. In that case, there is probably no reason for the
>additional authorization check.

And I'd prefer that: an exec_attr and an RBAC profile; if you want to check for the authorization, you will need to change more to the source.

I'm assuming that it will not automatically "work" on Solaris. If you port it to Solaris, do you also use libdiskmgmt?

Casper