Shawn Walker wrote: > On Dec 6, 2007 4:41 AM, Darren J Moffat <[EMAIL PROTECTED]> wrote: >> You REALLY REALLY REALLY REALLY don't want to test that the user has a >> specifically named profile - not even pfexec (pfsh,etc) do that. It is >> very likely that the user may have a differently named profile with the >> required privileges/uid assigned to the command. > > One of the Sun tools I saw (whose name eludes me at the moment)
I'd like to know so I can get it fixed because that is broken - unless it is an application explicitly giving the profile to a user account. > explicitly checked for the "Software Installation Profile" -- since > I'm the ignorant person that suggested this to John, can you clarify > how you can check for sufficient privileges? You shouldn't you should do the operation and if it fails with permission denied you know you don't have permission. It isn't your job as a userland application or library to check privileges that is the job of the kernel. Don't try and second guess the kernel. > In other words, if you want to ensure that a user has the privileges > equivalent to a "Software Installation Profile" how do you go about > doing that? Why do you want to do that at all ? What is the real problem you think needs solving here ? > I assume somehow using libsecdb as you hint at below? libsecdb allows you to properly lookup the profiles a user has - rather than directly parsing the /etc/user_attr file, that was the "other" part of my response. -- Darren J Moffat _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
