PSARC 2007/601 FastTrack timeout 12/05/2007 - "spec.txt" added to the materials directory
Gary Winiger
gww at eng.sun.com
Wed Dec 12 11:45:34 PST 2007
> I'm not sure what you mean by "noaccess". Do you want us to change the
> method_context for LMS from "root:root" to "noaccess:noaccess"?
As stated in the security best practice:
http://opensolaris.org/os/community/arc/bestpractices/security-questions
"If this project uses any privileged operations beyond what
a common user (e.g. "noaccess") can perform, why those are
necessary and how they are granted."
The point is to implement the principle of least privilege,
not to say you must run as noaccess:noaccess.
What is the minimum needed for this service? That is anything
above noaccess:noaccess permitted set = "basic'?
Gary..
More information about the opensolaris-arc
mailing list