Btw, I'd still prefer if this device node were world readable. I hate
having to use setgid privilege to protect data that pretty much *anyone*
ought to be look at. It also means that other libdevinfo programs have
to be setgid sys. :-(
-- Garrett
Jürgen Keil wrote:
> A long time ago, Garrett D'Amore wrote:
>
>
>> I've been thinking, it seems to me that it is inconvenient that root
>> privilege is required to look at prom properties in the Solaris device
>> tree. I believe that the data located there is not security sensitive
>> (at least not normally), as long as unauthorized users are not allowed
>> to _modify_ those properties.
>>
>> I propose that /dev/openprom be changed to be mode 644, allowing any
>> user to access it. This would allow ordinary users to run prtconf -vp
>> (as well as a few other things like prtconf -F and prtconf -V) without
>> becoming root.
>>
>
> Hmm, on snv_60 and snv_66, /usr/sbin/*/prtconf is set-gid sys, and
> /dev/openprom is readable by group sys (though this might need
> casper's fix for 6574174 to make /dev/openprom once again owned
> by group sys).
>
> So the prtconf commands shouldn't need root priviledge.
>
> But why is /usr/sbin/eeprom installed as set-gid bin ?
> Shouldn't it be packaged as set-gid sys - so that /dev/openprom
> can be opened for reading ?
>
>
> This message posted from opensolaris.org
> _______________________________________________
> opensolaris-code mailing list
> [email protected]
> http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
>
_______________________________________________
opensolaris-code mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
