> So in fact, now the solaris/fping uses RBAC instead of setting uid of
> the binary file directly. If normal user wants to use fping, he/she must
> have been granted "net_icmpaccess" privilege(but as NIS user, we do not
> have this privilege in general).
>
> -bash-3.2$ grep fping /etc/security/exec_attr
> Network Management:solaris:cmd:::/usr/bin/fping:privs=net_icmpaccess
>
> -bash-3.2$ id
> uid=201400(ll200400) gid=10(staff)
>
> -bash-3.2$ ppriv -De fping -h
> fping[18609]: missing privilege "net_icmpaccess" (euid = 201400, syscall
> = 230) needed at secpolicy_net_icmpaccess+0x24
> fping: can't create raw socket : Permission denied
>
> As a result, it seems not necessary to file a bug against fping.
Are you then saying that shmux will pfexec /usr/bin/fping so
that administrators with the Network Management Rights Profile
can use shmux to call fping?
Gary..
