Thanks Meem and Garret for your comments. This is the first time pfexec has been used in our documentation.
Peter Memishian wrote: > > Whether pfexec grants you those privileges or not depends on what > > privileges you have been given in the authorizations database. > > ... and given that /etc/security/exec_attr currently contains: > > Network Link Security:solaris:cmd:::/sbin/dladm:euid=dladm;egid=sys; > privs=sys_net_config,net_rawaccess,proc_audit > Network Management:solaris:cmd:::/sbin/dladm:euid=dladm;egid=sys; > privs=sys_net_config,net_rawaccess,proc_audit So these privileges are given to the OpenSolaris user by default? It sounds like it. > > ... things should "just work" with pfexec. Indeed, a simple experiment: > > $ profiles > Primary Administrator > Console User > Suspend To RAM > Suspend To Disk > Brightness > CPU Power Management > Basic Solaris User > All > > $ dladm show-link > dladm: insufficient privileges > > $ pfexec dladm show-link > LINK CLASS MTU STATE OVER > bge0 phys 1500 up -- > > $ pfexec dladm create-vlan -v2 -l bge0 foo2 > $ pfexec dladm show-link > LINK CLASS MTU STATE OVER > bge0 phys 1500 up -- > foo2 vlan 1500 up bge0 > In regard to the usage above, you invoke pfexec every time you issue dladm. The pfexec procedure in our documentation currently says: 1. Start a privileged shell. user at opensolaris:- $ pfexec bash And then the user is presumably in the bash shell with the "#" prompt. The remaining command syntax does not include pfexec. It just looks like: # dladm show-link <output> and # ifconfig -a <output> I assume this is correct syntax after pfexec bash? - Steff
