Pat Bredenberg wrote:
>     The utility accesses /dev/xsvc, which is owned by root.  Instead of 
> specifying the command must be run as root,

The device permissions and ownership aren't relevant here; it is what 
privilege the device enforces for reading from it.

> I could change it to
> something along the lines of, "PRIV_FILE_DAC_READ privileges are 
> required to run this command."  Would that suffice?

Yes, that is sufficient; please ensure, though, that the man page does say 
that it needs this because of use of /dev/xsvc.

I think an entry in the already existing "Maintenance and Repair" RBAC 
profile would also be appropriate, but given the mostly debug nature of 
these I wouldn't insist on it.  It would look like this:

Maintenance and Repair:solaris:cmd:::/usr/bin/acpidump:privs=file_dac_read

-- 
Darren J Moffat
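
The profile entry above follows the exec_attr(4) layout name:policy:type:res1:res2:id:attr. As an added example (not part of the original message or of the Solaris sources), this Python code parses such entries and separates a grant of named privileges from one that runs the command with a root ID. The second sample entry, with its profile name and path, is constructed for contrast.

```python
# Added example: classify how exec_attr(4)-style entries grant privilege.
FIELDS = ("name", "policy", "type", "res1", "res2", "id", "attr")

SAMPLE = [
    # Entry quoted in the message above.
    "Maintenance and Repair:solaris:cmd:::/usr/bin/acpidump:privs=file_dac_read",
    # Constructed contrast entry (hypothetical profile and path).
    "Example Profile:suser:cmd:::/opt/example/tool:euid=0",
]

def parse_exec_attr(line):
    """Split one entry into a dict; attr becomes a key -> list-of-values map."""
    parts = line.strip().split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))
    attrs = {}
    for item in filter(None, entry["attr"].split(";")):
        key, sep, value = item.partition("=")
        if not sep:
            raise ValueError(f"malformed attribute {item!r}")
        attrs[key] = value.split(",")
    entry["attr"] = attrs
    return entry

def grant_kind(entry):
    """Return 'root-id', 'all-privs', 'privileges' or 'none'."""
    attrs = entry["attr"]
    if any(attrs.get(k) in (["0"], ["root"]) for k in ("uid", "euid")):
        return "root-id"
    privs = attrs.get("privs", [])
    if "all" in privs:
        return "all-privs"
    return "privileges" if privs else "none"

def summarize(lines):
    """Return (command, grant kind, privilege list) per non-comment entry."""
    out = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        e = parse_exec_attr(line)
        out.append((e["id"], grant_kind(e), e["attr"].get("privs", [])))
    return out

if __name__ == "__main__":
    for cmd, kind, privs in summarize(SAMPLE):
        print(f"{cmd}: {kind} {','.join(privs)}")
```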
