Andrew:
The functional replacement of the "Primary Administrator" RBAC profile is "System Administrator". If you use this instead, you should find that your use is able to run programs with pfexec in much the same way as you used to do with "Primary Administrator". Note that if you setup your login shell to a shell like pfsh, pfksh, pfcsh, pfbash, ..., then you do not have to run programs with pfexec when needed. With these shells, pfexec is automatically used when needed. If you want users to need to enter a role password in order to run programs, you can also configure the user to have access to a role which has the needed privileges (e.g. root). If RBAC is configured this way, then the panel will present the dialog to enter this role password before running such programs. But, it sounds like you more just want to use the "System Administrator" profile and avoid needing to enter passwords. Others have recommended "sudo". The sudo program is useful for those people who find it the best way to configure a needed system. That said, using sudo to just avoid the use of RBAC is probably not the best use. Brian On 11/11/11 11:37 AM, Andrew Watkins wrote:
I have lost the ability of making a user have access to root on Solaris 11 using the command pfexec. On the old Solaris 11 express box it works: =========================================== % grep andrew /etc/user_attr andrew::::profiles=Primary Administrator;roles=root % id uid=102(andrew) gid=10(staff) % pfexec id uid=0(root) gid=0(root) Now on Solaris 11 it does not: ============================== grep andrew /etc/user_attr andrew::::profiles=Primary Administrator;roles=root % id uid=102(andrew) gid=10(staff) % pfexec id uid=102(andrew) gid=10(staff) What do I have to do to get pfexec working again? Cheers, Andrew
_______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
