Dave Miner wrote:
> 
> No, I don't think we should be creating a setuid program at this point. 
>  All I really wanted in this bug was for beadm to be added to one of the 
> RBAC profiles.
> 

Which implies adding beadm to the /etc/security/exec_attr file like so:

   Software Installation:suser:cmd:::/sbin/beadm:uid=0;gid=bin

This does make it an easier implementation solution which requires the user to 
use pfexec or pfsh to execute beadm which is still better than today. If that 
is the consensus instead of making it setuid then that seems fine by me.

Tim

> Dave
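
An added example, not part of the original thread: a small audit script that parses `exec_attr` entries and lists the commands a profile runs with root IDs, using the entry proposed above. It assumes the `name:policy:type:res1:res2:id:attr` field layout from exec_attr(4); the second profile, its command path and the malformed line are constructed sample data.

```python
# Added example: parse exec_attr(4) entries and report commands granted root IDs.
FIELDS = ("name", "policy", "type", "res1", "res2", "id", "attr")

# Constructed sample; the first entry is the one proposed in the message above.
SAMPLE = """\
# constructed sample exec_attr content
Software Installation:suser:cmd:::/sbin/beadm:uid=0;gid=bin
Example Profile:suser:cmd:::/usr/bin/example:egid=bin
malformed:line
"""

def parse_exec_attr(text):
    """Return (entries, errors); errors holds (line number, raw line) pairs."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 6)  # seven colon-separated fields
        if len(parts) != 7:
            errors.append((lineno, raw))
            continue
        entry = dict(zip(FIELDS, parts))
        attrs = {}
        # The attr field is a semicolon-separated list of key=value pairs.
        for pair in filter(None, entry["attr"].split(";")):
            key, _, value = pair.partition("=")
            attrs[key.strip()] = value.strip()
        entry["attr"] = attrs
        entries.append(entry)
    return entries, errors

def root_commands(entries):
    """Return (profile, command) pairs that run with real or effective uid 0."""
    hits = []
    for e in entries:
        a = e["attr"]
        is_root = a.get("uid") in ("0", "root") or a.get("euid") in ("0", "root")
        if e["type"] == "cmd" and is_root:
            hits.append((e["name"], e["id"]))
    return hits

if __name__ == "__main__":
    entries, errors = parse_exec_attr(SAMPLE)
    for profile, cmd in root_commands(entries):
        print(f"{profile}: {cmd} runs as root when invoked through pfexec or pfsh")
    for lineno, raw in errors:
        print(f"line {lineno}: malformed entry: {raw}")
```
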
