Andrew:
Thanks for the information, but it does not work. I will have another
look at the documentation, since I may be missing something in the new
release.
For example, I use a line like this /etc/user_attr file for each user
that needs to have root role access:
user::::roles=root;profiles=System
Administrator,punchin;lock_after_retries=no
You can omit the ",punchin" if you don't use it, of course.
But you say it does not work. If you are using a user with settings
like this in /etc/user_attr, and if you are seeing issues, then what
does not seem to be working right?
Also, Darren is right that the GNOME Panel does not support the
sudo-like default of not requiring re-authentication for a period
of time. But note that the panel should not pop up dialogs asking
for passwords if your user is associated with the "System
Administrator" profile, only if your user does not, but has access to
the "root" role. So, it is pretty easy to configure users with RBAC
to not require passwords to run the programs needed.
Brian
On 11/14/11 07:36 PM, Brian Cameron wrote:
Andrew:
The functional replacement of the "Primary Administrator" RBAC profile
is "System Administrator". If you use this instead, you should find
that your use is able to run programs with pfexec in much the same way
as you used to do with "Primary Administrator".
Note that if you setup your login shell to a shell like pfsh, pfksh,
pfcsh, pfbash, ..., then you do not have to run programs with pfexec
when needed. With these shells, pfexec is automatically used when
needed.
If you want users to need to enter a role password in order to run
programs, you can also configure the user to have access to a role
which has the needed privileges (e.g. root). If RBAC is configured
this way, then the panel will present the dialog to enter this role
password before running such programs. But, it sounds like you more
just want to use the "System Administrator" profile and avoid needing
to enter passwords.
Others have recommended "sudo". The sudo program is useful for those
people who find it the best way to configure a needed system. That
said, using sudo to just avoid the use of RBAC is probably not the best
use.
Brian
On 11/11/11 11:37 AM, Andrew Watkins wrote:
I have lost the ability of making a user have access to root on Solaris
11 using the command pfexec.
On the old Solaris 11 express box it works:
===========================================
% grep andrew /etc/user_attr
andrew::::profiles=Primary Administrator;roles=root
% id
uid=102(andrew) gid=10(staff)
% pfexec id
uid=0(root) gid=0(root)
Now on Solaris 11 it does not:
==============================
grep andrew /etc/user_attr
andrew::::profiles=Primary Administrator;roles=root
% id
uid=102(andrew) gid=10(staff)
% pfexec id
uid=102(andrew) gid=10(staff)
What do I have to do to get pfexec working again?
Cheers,
Andrew
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
