On Fri, Jan 16, 2009 at 05:09:12PM +0000, Alan Maguire wrote:
> hi folks
>
> in a recent changeset I pushed changes
> that cause nwamd and netcfgd to run
> as user "netcfg", group "netadm", as
> per the spec. In doing so I noticed a few things:
>
> - libsysevent calls fail if the uid is
> not the root user. I've wrapped these
> calls only in calls to setuid(0) - is there
> a better way to do this?

Hmm, seems like there should be. I would think giving netcfg the appropriate authorization should work, but I'm not sure what the authorization would be! Though, looking at the source code, the check is explicitly for uid == 0. That doesn't look good.

> - the netcfg user doesn't seem to have
> authorizations to modify SMF properties
> (nwamd needs to alter its own "upgraded"
> property after upgrading config)
> - the netcfg user doesn't seem to have
> authorizations to read/write NWAM config
> solaris.network.autoconf.[read|write]
>
> I got round these latter two by
> modifying usr/src/lib/libsecdb/user_attr.txt
> to add those authorizations to the netcfg
> user, but I suspect the right answer is
> to assign a profile in this file instead.
> Does anyone have any thoughts on this?

I agree, a profile is the way to go. That profile would need (at least) the solaris.smf.manage, solaris.smf.modify, and the solaris.network.autoconf.* authorizations. We'll probably discover more along the way as well.

-renee

>
> Thanks!
>
> Alan
> _______________________________________________
> nwam-dev mailing list
> nwam-dev at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/nwam-dev
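An added example, not part of the original thread or the NWAM source: a small checker that resolves which authorizations the netcfg user would hold through a profile and reports any of the ones named above that are still missing. The profile name "NWAM Daemon" and the sample entries are constructed for illustration. It assumes the colon-separated user_attr(4)/prof_attr(4) layout with attributes in the fifth field, models only exact and trailing-wildcard matches, and ignores defaults from policy.conf.

```python
# Constructed entries in user_attr(4)/prof_attr(4) layout. The profile name
# "NWAM Daemon" is hypothetical; the authorizations are those named above.
USER_ATTR = "netcfg::::type=normal;profiles=NWAM Daemon\n"
PROF_ATTR = ("NWAM Daemon:::Hypothetical profile for nwamd and netcfgd:"
             "auths=solaris.smf.manage,solaris.smf.modify,"
             "solaris.network.autoconf.*\n")
REQUIRED = ["solaris.smf.manage", "solaris.smf.modify",
            "solaris.network.autoconf.read", "solaris.network.autoconf.write"]

def parse_db(text):
    """Map entry name -> {key: [values]}; both files keep attrs in field 5."""
    db = {}
    for line in text.splitlines():
        fields = line.strip().split(":", 4)
        if line.lstrip().startswith("#") or len(fields) < 5:
            continue
        attrs = {}
        for kv in fields[4].split(";"):
            key, sep, val = kv.partition("=")
            if sep:
                attrs[key.strip()] = [v.strip() for v in val.split(",") if v.strip()]
        db[fields[0]] = attrs
    return db

def granted_auths(user, users, profiles):
    """Authorizations assigned directly plus those from (nested) profiles."""
    entry = users.get(user, {})
    auths = list(entry.get("auths", []))
    todo, seen = list(entry.get("profiles", [])), set()
    while todo:
        name = todo.pop(0)
        if name in seen:      # guard against profiles that include each other
            continue
        seen.add(name)
        prof = profiles.get(name, {})
        auths += prof.get("auths", [])
        todo += prof.get("profiles", [])
    return auths

def auth_matches(pattern, auth):
    """Exact match, or a trailing '*' covering everything under the prefix."""
    return pattern == auth or (pattern.endswith("*") and auth.startswith(pattern[:-1]))

def missing_auths(user, required, users, profiles):
    """Required authorizations the user would not hold."""
    have = granted_auths(user, users, profiles)
    return [a for a in required if not any(auth_matches(p, a) for p in have)]

if __name__ == "__main__":
    print(missing_auths("netcfg", REQUIRED, parse_db(USER_ATTR), parse_db(PROF_ATTR)))
```

Running the same check against the real files after each change shows whether the profile still covers everything the daemons need as further authorizations are discovered.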
