Robert Johnston wrote:
> Gary Winiger wrote:
>>> Rob's sent me updated materials which reflect the clarifications due 
>>> to the conversation here around privileges and the removal of 
>>> config/debug from the manpages.
>>>
>>> I've put them in the case directory.
>>
>>>      config/rootdir
>>>               This is an astring property that defaults to "/".
>>>      When set, the specified root directory will be used for
>>>      all pathnames evaluated by snmp-notify.
>>
>>>     4.11. Security Impact:
>>>
>>>     During daemon initialization, the smtp-notify daemon will reduce its
>>>     privileges to the following minimal set:
>>>
>>>     afsr# ppriv 103247
>>>     103247: /usr/lib/fm/notify/snmp-notify
>>>     flags = PRIV_AWARE
>>>             E: basic
>>>             I: basic
>>>             P: basic
>>>             L: basic
>>>
>>>     The case will introduce the following new authorization for management
>>>     of the smtp-notify service:
>>>     
>>>     solaris.smf.manage.snmp-notify
>>>     
>>>     This case also introduces the "Event Notification Agent Management"
>>>     profile which will include the above authorization as well as the new
>>>     authorization being added for the smtp-notify service.
>>
>>     Similar to 2009/619,
>>     Can this privilege reduction be done with a method context instead
>>     of by the daemon?  If so, why isn't that the choice?  If not,
>>     why not?
>>
>>     What uid/gid does the daemon run with and why -- unless it is noaccess.
> 
> Same deal as smtp-notify.  We initially start as uid/gid 0 to get the 
> sysevent stuff going and then change our uid/gid to noaccess/noaccess.
> 
> 
>>     Additionally this case seems not to follow the SMF policy for
>>     configuring properties.  See
>>     http://sac.eng.sun.com/cgi-bin/bp.cgi?NAME=SMF.bp
>>     (there is an opensolaris.org equivalent, but that website is
>>     not presently responding so I can't cut and paste the url).
>>     See appendix D relative to value_authorization.
> 
> 
> Ok - let me look through this and get back.

Ah - ok - I see what you mean now.  I've added the following authorizations for 
configuring the service properties for the two daemons, respectively:

solaris.smf.value.smtp-notify
solaris.smf.value.snmp-notify

I've added these two authorizations to the "Event Notification Agent Management"
profile (which also encapsulates the manage authorizations for these two 
daemons).

I've also made the appropriate modifications to the service manifests.

Thanks for catching that,

rob
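
Added example, not part of the original message or the case materials: a sketch of how an SMF manifest fragment can tie the authorizations named in this thread to the snmp-notify service. The authorization names and the config/rootdir property come from the thread. The property group types and the use of the manage authorization for both action_authorization and value_authorization in the general group are assumptions. The surrounding service and instance elements are omitted.

```xml
<!-- Illustrative fragment only; not the manifest delivered by this case. -->

<!-- Framework property group: who may enable, disable, restart or
     refresh the service (action_authorization) and who may change the
     properties in this group (value_authorization). -->
<property_group name='general' type='framework'>
  <propval name='action_authorization' type='astring'
           value='solaris.smf.manage.snmp-notify'/>
  <propval name='value_authorization' type='astring'
           value='solaris.smf.manage.snmp-notify'/>
</property_group>

<!-- Application property group holding the daemon's configuration.
     Without value_authorization here, only users holding
     solaris.smf.modify (or root) could change config/rootdir.
     With it, a user holding solaris.smf.value.snmp-notify can change
     property values in this group, but cannot add or delete properties. -->
<property_group name='config' type='application'>
  <propval name='rootdir' type='astring' value='/'/>
  <propval name='value_authorization' type='astring'
           value='solaris.smf.value.snmp-notify'/>
</property_group>
```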
