[osol-discuss] pfexec does not work any longer
I have lost the ability of making a user have access to root on Solaris 11 using the command pfexec. On the old Solaris 11 express box it works: === % grep andrew /etc/user_attr andrewprofiles=Primary Administrator;roles=root % id uid=102(andrew) gid=10(staff) % pfexec id uid=0(root) gid=0(root) Now on Solaris 11 it does not: == grep andrew /etc/user_attr andrewprofiles=Primary Administrator;roles=root % id uid=102(andrew) gid=10(staff) % pfexec id uid=102(andrew) gid=10(staff) What do I have to do to get pfexec working again? Cheers, Andrew -- Andrew Watkins * Birkbeck College http://notallmicrosoft.blogspot.com/ ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] pfexec does not work any longer
On 11/11/11 09:37, Andrew Watkins wrote: Now on Solaris 11 it does not: == grep andrew /etc/user_attr andrewprofiles=Primary Administrator;roles=root Solaris 11 no longer includes the Primary Administrator profile. -- -Alan Coopersmith-alan.coopersm...@oracle.com Oracle Solaris Platform Engineering: X Window System ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] Oracle Solaris 11 - The First Cloud OS
On 11/11/2011, at 4:39 AM, Al Hopper wrote: Hi Glynn et al, Congrats on getting Sol 11 out the door. Thanks. Question: is there, o, will there be, an AWS (Amazon Web Services) EC2 Solaris 11 AMI available? This was a question asked at the launch event. At this stage, I don't have an answer right now - that's not to say it's out of the question. As with all of these types of things, it's always best to raise the interest with your local Oracle sales rep. Glynn ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] Oracle Solaris 11 install trouble, NVIDIA
On 11/10/11 21:09, Paul Gress wrote: /kernel/drv/amd64/nvidia: undefined symbol 'pm_destroy_components' warning: mod_load: cannot load module 'nvidia' You are using an old NVIDIA driver without the fix for IR 842949. Either use the bundled driver for Solaris 11 or any driver from nvidia.com posted after late summer. ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] pfexec does not work any longer
On 11/12/11 06:52 AM, Alan Coopersmith wrote: On 11/11/11 09:37, Andrew Watkins wrote: Now on Solaris 11 it does not: == grep andrew /etc/user_attr andrewprofiles=Primary Administrator;roles=root Solaris 11 no longer includes the Primary Administrator profile. So what is the equivalent? -- Ian. ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] pfexec does not work any longer
On 11/11/11 10:55, Ian Collins wrote: On 11/12/11 06:52 AM, Alan Coopersmith wrote: On 11/11/11 09:37, Andrew Watkins wrote: Now on Solaris 11 it does not: == grep andrew /etc/user_attr andrewprofiles=Primary Administrator;roles=root Solaris 11 no longer includes the Primary Administrator profile. So what is the equivalent? sudo is now the preferred default mechanism for authentication. It also caches the authentication for a short period before requiring it again. -Shawn ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] pfexec does not work any longer
Andrew Watkins and...@dcs.bbk.ac.uk wrote: I have lost the ability of making a user have access to root on Solaris 11 using the command pfexec. Allowing people to become root with pfexec is a secutity hole that I decribed years ago. People wo succeed to run commands via vulnerabilities of e.g. the browser will be able to gain root privileges with no extra effort as there is no passwd. Jörg -- EMail:jo...@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin j...@cs.tu-berlin.de(uni) joerg.schill...@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] Oracle Solaris 11 install trouble, NVIDIA
On 11/11/11 01:15 PM, John Martin wrote: On 11/10/11 21:09, Paul Gress wrote: /kernel/drv/amd64/nvidia: undefined symbol 'pm_destroy_components' warning: mod_load: cannot load module 'nvidia' You are using an old NVIDIA driver without the fix for IR 842949. Either use the bundled driver for Solaris 11 or any driver from nvidia.com posted after late summer. Thanks John, I'll probably get the Latest NVIDIA driver. ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
