Phi Tran wrote:
>> I'm glad that you've decided to use an existing profile and not add
>> new authorizations. I just wanted to clarify that these are two
>> separate decisions.
>>
>
> There was an issue brought up about fdisk which doesn't have an entry
> in exec_attr. I assume the intention was to not allow regular users to
> use fdisk or maybe this is a bug. One could call fdisk from format,
> but I don't think that was a requirement to use fdisk.
>
> I think parted and fdisk should be allowed for regular users since
> these commands could be useful for removable media. These commands can
> be included with the File System Management profile and given
> appropriate privileges as suggested previously.
>
> I'd like to get any comments to see if there should be a
> reason that parted should follow fdisk permission handling or if the
> case should continue with adding parted to the File System Management
> profile with appropriate privileges.
>

I think the fact that fdisk is missing from File System Management is
just a bug. You should add parted to that profile with appropriate
privileges, and you may want to correct the previous bug by adding
fdisk too.

	Scott

--
Scott Rotondo
Principal Engineer, Solaris Security Technologies
President, Trusted Computing Group
Phone/FAX: +1 408 850 3655 (Internal x68278)