Mark James Adams wrote: > Thanks for your informative response and for pointing me over to the right > forum. > > I had been using smc to manage the rights profile. Looking at > /etc/security/exec_attr, I had been missing the uid=0 on the end of the > entry. In smc, it looks like this is added through the "Set Security > Attributes..." pane. I was still getting a "you must run pkgadd as root" > error message, but once I added pkgadd to "Commands Permitted", it worked > fine. > > I'm really liking the idea of RBAC. I can see, for instance, making a new > role that can only start and stop mongrel and the postgresql server and > perform other common web application related admin tasks.
See the Library section of the security community page on opensolaris.org: http://opensolaris.org/os/community/security/library/ There are a few blueprints in there that will help you out with that. -- Darren J Moffat
