On 10/10/10 1:11 AM, Stephan Budach wrote:
Great - I will check it asap (today, that is ;) ). I had already
considered to sit down and do some scripting for nappit installation
on Openindiana, but I didn't had the time to do so.
Btw, on Openindiana oi_147 I was only able to get napp-it working by
adding
All:suser:cmd:::*:uid=0
to exec_attr.
Sorry, I haven't been following this thread so I don't know what issues
you've been trying to resolve. But the change above is not the right
solution to any problem. All users are granted this profile by default,
as a subprofile of Basic Solaris User. So the net effect is to allow any
user to execute any command as uid 0. It's equivalent to posting the
root password in /etc/motd (and changing root to a regular account
instead of a role).
If you really want to give superuser powers to some user, assign them
the Primary Administrator profile using usermod -P. Better yet, create a
new profile containing just the command(s) that need to run with
privilege and assign that to the user.
Scott
--
Scott Rotondo
Senior Principal Engineer, Solaris Core OS Engineering
President, Trusted Computing Group
Phone: +1 408 276 6987 (Internal x66987)
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
