John Sonnenschein wrote:
> Is there a particular reason we require the Primary Administrator
> profile to be in effect in order to run pkg(5) ?
>
> Short-term adding a line like "Software
> Installation:solaris:cmd:::/usr/bin/pkg:euid=0" to
> /etc/security/exec_attr would allow a sysadmin to grant Software
> Installation to a junior admin without requiring full privs.
Is there any real difference? Once you can install software,
you can install a package that has a setuid-root copy of /bin/sh
and get the same privileges.
--
-Alan Coopersmith- [email protected]
Sun Microsystems, Inc. - X Window System Engineering
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
