A long time ago, Garrett D'Amore wrote: > I've been thinking, it seems to me that it is inconvenient that root > privilege is required to look at prom properties in the Solaris device > tree. I believe that the data located there is not security sensitive > (at least not normally), as long as unauthorized users are not allowed > to _modify_ those properties. > > I propose that /dev/openprom be changed to be mode 644, allowing any > user to access it. This would allow ordinary users to run prtconf -vp > (as well as a few other things like prtconf -F and prtconf -V) without > becoming root.
Hmm, on snv_60 and snv_66, /usr/sbin/*/prtconf is set-gid sys, and /dev/openprom is readable by group sys (though this might need casper's fix for 6574174 to make /dev/openprom once again owned by group sys). So the prtconf commands shouldn't need root priviledge. But why is /usr/sbin/eeprom installed as set-gid bin ? Shouldn't it be packaged as set-gid sys - so that /dev/openprom can be opened for reading ? This message posted from opensolaris.org _______________________________________________ opensolaris-code mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
