David-John Burrowes wrote:
> Hello Joel,
Make that "Jörg" - or "Joerg" when umlauts are not readily available :-o
>> I don't think we should port that to Solaris as is. There we have a
>> continuum of setups between 'basic user' and 'root'.
>>
>> Maybe on Solaris we should only have a choice whether to run or pfexec
>> such an app? Or simply another menu item that pfexec's it? It gets more
>> complicated when you try to support roles (including, possibly, root).
>> Because then you not only need 'an' administrative password, but also a
>> way to specify the role to which it applies. Maybe we can at least
>> enumerate all available roles instead of requiring manual input.
>
> Can you give a little more background on what you are speaking about
> here? I assume you aren't speaking about Trusted Solaris details, are
> you (though, that's perhaps relevant too).
No.
> I'm poking a bit at "man
> profiles(1)", but it assumes I have knowledge that I don't have. What's
> the right entrypoint for this wad of knowledge?
>
The best ones are probably [1] and [2] from docs.sun.com.
If you prefer man pages, you should look at
pfexec(1),
prof_attr(4), exec_attr(4), user_attr(4),
profiles(1), auths(1), roles(1),
ppriv(1), privileges(5)
but I'm not sure what would be the best entry point.
[1] Solaris 10 System Administration Guide: Security Services
<http://docs.sun.com/app/docs/doc/816-4557>
[2] Solaris 10 Solaris Security for Developers Guide
Chapter 2: Developing Privileged Applications
<http://docs.sun.com/app/docs/doc/816-4863/6mb20lvf9?a=view>
HTH, Joerg
--
Joerg Barfurth phone: +49 40 23646662 / x66662
Software Engineer mailto:joerg.barfurth at sun.com
Desktop Technology
Thin Client Software http://www.sun.com/software/sunray/
Sun Microsystems GmbH http://www.sun.com/software/javadesktopsystem/