http://defect.opensolaris.org/bz/show_bug.cgi?id=11321
--- Comment #3 from Anurag S. Maskey <Anurag.Maskey at Sun.COM> 2009-12-01 15:20:52 UTC --- (In reply to comment #2) > > So the select auth would allow the bit of writing required to select/enable a > profile, but not allow changing of other profile properties, which would still > require the write auth. Correct? > It seems like a new solaris.network.autoconf.wifiadm authorization > (alternative > name suggestions welcome!) would work; that auth would be required (instead of > autoconf.write) to create/modify known wlan objects. Is that sufficient? Those are my thoughts to both your questions. The select auth would allow enable/disable and would be checked in the door server in nwamd. The wifiadm auth would be required to manipulate the Known WLAN objects and would be checked in netcfgd backend server. Other minor RBAC related bugs I discovered: * Network Autoconf profile should be removed from Network Management profile. This got added in a mismerge with onnv_128. * solaris.smf.manage.location auth and related help file is missing from usr/src/lib/libsecdb/auth_attr.txt * netcfg user does not need solaris.smf.modify auth -- Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.
