Sowmini.Varadhan at Sun.COM wrote:
> On (03/02/09 14:48), Sebastien Roy wrote:
>
>>> We are considering using a model similar to that used for dladm/flowadm:
>>> have an ipadm RBAC role with auths similar to those for dladm:
>>> i.e., auths=solaris.smf.manage.wpa,solaris.smf.modify.
>>>
>> The libdladm model requires that writing to the database be done by
>> dlmgmtd which is run as the dladm user (the datalink.conf file is only
>> writable by the dladm user). Permissions to write to the file are not
>> related to any authorizations AFAIK. How will this work for libipadm?
>>
>
> How does this work for flowadm, which afaict writes to flowadm.conf
> without dlmgmtd being the intermediary?
>
True. 'flowadm' directly writes to /etc/dladm/flowadm.conf after acquiring
a global lock on that file. Surprisingly, the permissions for this file are

  ls -alth /etc/dladm/datalink.conf
  -rw-r--r-- 1 dladm sys 1.4K Jan 23 21:25 /etc/dladm/datalink.conf

suggesting that the 'dladm' user has write permission. However, in the last
minute we change the ownership to 'dladm' after creating the file as root.

~Girish
