> So in fact, now the solaris/fping uses RBAC instead of setting uid of > the binary file directly. If normal user wants to use fping, he/she must > have been granted "net_icmpaccess" privilege(but as NIS user, we do not > have this privilege in general). > > -bash-3.2$ grep fping /etc/security/exec_attr > Network Management:solaris:cmd:::/usr/bin/fping:privs=net_icmpaccess > > -bash-3.2$ id > uid=201400(ll200400) gid=10(staff) > > -bash-3.2$ ppriv -De fping -h > fping[18609]: missing privilege "net_icmpaccess" (euid = 201400, syscall > = 230) needed at secpolicy_net_icmpaccess+0x24 > fping: can't create raw socket : Permission denied > > As a result, it seems not necessary to file a bug against fping.
Are you then saying that shmux will pfexec /usr/bin/fping so that administrators with the Network Management Rights Profile can use shmux to call fping? Gary..