By "system files" do you mean the contents of /etc/apache2? At least in Nevada, there is now only one file that is not marked as editable:
/etc/apache2/httpd.conf-example f none 0644 root bin 16694 30581 1187823644 SUNWapch2r which I think is a bug and will file one if I do not see one existing. All of the files (even in Solaris 10) in /etc/apache2 are/should be editable by end users. If they are not - it is a bug IMHO. That said, as the author of the BluePrint, I should have noted that issue in the paper. I would make a note if I ever do an update to address this point. g Jyri Virkki wrote: > Darren J Moffat wrote: >> Restricting Service Administration in the Solaris 10 Operating System >> >> http://www.sun.com/blueprints/0605/819-2887.pdf >> >> That is the recommended approach, it is a superset of what you have done. > > Hm, this document also changes (p.10) ownership of system files under > /etc which are not marked as editable in their package prototype. > > -- Glenn Brunette Distinguished Engineer Director, GSS Security Office Sun Microsystems, Inc.
