On 03/11/2016 15:18, Peter Tribble wrote:
On Fri, Mar 11, 2016 at 12:03 PM, Alexander Pyhalov <[email protected]> wrote:
The problem I see with using pfexec is that bad things happen if the user
has some other profiles or privileges, so you end up giving those programs
rights they don't need. For example, if the user is Primary Administrator
then pfexec usually equates to "run as root", which probably isn't what you
intend. Generally, using pfexec assumes that the program being run is
privilege aware (so it can drop any unexpected privileges).
I see this, but don't have good answer besides writing in the docs
"Don't use Primary Administrator profile".
The issue is that we want to give these programs sys_devices priveleges.
Is there good way to do this without using pfexec?
"pfexec -P sys_devices something" doesn't seem to work.
--
Best regards,
Alexander Pyhalov,
system administrator of Southern Federal University IT department
_______________________________________________
oi-dev mailing list
[email protected]
http://openindiana.org/mailman/listinfo/oi-dev
