libpciaccess & scanpci [PSARC/2008/638 FastTrack timeout 10/22/2008]
Alan Coopersmith
Alan.Coopersmith at sun.com
Thu Oct 16 08:04:37 PDT 2008
Darren J Moffat wrote:
> Alan Coopersmith wrote:
>> scanpci continues to require extra privileges to run. The exec_attr
>> RBAC entry to grant these privileges to users with the "Desktop
>> Configuration" role will be updated to add the new scanpci path.
> ^^^^ profile not role, roles are user ids.
>
> The name of a new profile is an exported interface.
>
> What does the entry for scanpci in this exec_attr(4) profile look like ?
> Is it running it as euid=0 with all privs or something less ?
This is not a new profile, this is just duplicating the entry added for
scanpci by the TCR for PSARC 2004/187 that's already in exec_attr to have
the new path (leaving the old path so that pfexec of either path works).
That entry is:
Desktop Configuration:solaris:cmd:::/usr/X11/bin/scanpci:euid=0;privs=sys_config
So this case will add:
Desktop Configuration:solaris:cmd:::/usr/bin/scanpci:euid=0;privs=sys_config
--
-Alan Coopersmith- alan.coopersmith at sun.com
Sun Microsystems, Inc. - X Window System Engineering
More information about the opensolaris-arc
mailing list