I'm guessing a bit here (as I'm not 100% certain how these files are
generated or delivered), but according to what I think are the "source"
files:
http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/lib/libsecdb/prof_attr.txt
http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/lib/libsecdb/auth_attr.txt
both files are much larger than what you are seeing.
My "jump-to-cause" would be the cluster installation script/method which
seems to have added to these files, and stripped out the CDDL block from
the top too. Checking an snv_125-based OpenSolaris system shows me:
$ wc -l /etc/security/[ap]*_attr
202 /etc/security/auth_attr
131 /etc/security/prof_attr
333 total
If you have an older BE where these files are intact, I would be tempted
to re-activate that (assuming you've not upgraded your ZFS pool version)
and retry the various upgrades/installs you did in separate, new BEs to
find the one which "broke" these files. All this can be done without
disturbing your existing BE.
Regards,
Brian
dennis mathews wrote:
Has anyone come across their RBAC files ( 200906 - 111b ) being reduced from
around 60-odd entries to less than 5 ? Are these files auto-generated now by
any chance ?
Below is the full contents of the files. Incidentally exec_attr still has all
it's contents. I know this because I've got the fresh installs bootenv.
$ cat /etc/security/auth_attr
solaris.cluster.admin:::Manage Quorum Server Daemons::
solaris.cluster.read:::Print Quorum Server Configuration::
solaris.smf.manage.zfs-auto-snapshot:::Manage the ZFS Automatic Snapshot
Service::
$ cat /etc/security/prof_attr
Basic Solaris User::::auths=solaris.cluster.read
Quorum Server Management::::auths=solaris.cluster.admin
Looks very strange. I can't run pfexec anymore
pfexec /usr/bin/cat /etc/shadow
/usr/bin/cat: can't get execution attributes
$profiles
Primary Administrator
Console User
Basic Solaris User
.. but none of these profiles have any entries in /etc/security/prof_attr
$auths
solaris.device.cdrw,solaris.cluster.read
auths on the fresh install was solaris.*
I have never tried directly editing these files nor have I changed any default
profiles, or RBAC settings, so I'm confused how this might have happened. Could
an update has caused this ?
Possibly related to this is that my shutdown option from the menu has
dissappeared.
--
Brian Ruthven
Solaris Revenue Product Engineering
Sun Microsystems UK
Sparc House, Guillemont Park, Camberley, GU17 9QG
_______________________________________________
opensolaris-discuss mailing list
[email protected]
