On Mon, 2009-03-02 at 15:35 -0500, Girish M G wrote: > True. 'flowadm' directly writes to /etc/dladm/flowadm.conf after acquire > a global lock on that file. > > Surprisingly the permissions for this file is > > ls -alth /etc/dladm/datalink.conf > > -rw-r--r-- 1 dladm sys 1.4K Jan 23 21:25 > /etc/dladm/datalink.conf > > suggesting that 'dladm' user has write permission. However in the last > minute we change the ownership to 'dladm' after creating the file as root.
In that case, I definitely wouldn't model libipadm after this. It needs a proper API that requires authorizations, and not the root user. -Seb
