What is the relationship between privileges and file permissions? I am getting a permission denied error due to lack of file_dac_* privilege.
Here's one of my simple cases...

I have the following entry in /etc/security/exec_attr:

    App Log Management:solaris:cmd:::/u01/apps/bin/logLvl:euid=app;egid=app;privs=all

where /u01/apps/bin/logLvl has read and execute permissions (0500) only for the user app.

This entry in /etc/security/prof_attr:

    App Log Management:::Manage App Logs:

This entry in /etc/user_attr:

    pjlv::::type=normal;profiles=App Management

So when I am logged in as pjlv, my understanding was that I could run /u01/apps/bin/logLvl without issues, but it's failing in this manner:

    $ pfexec /u01/apps/bin/logLvl
    pfexec: Permission denied
    $ pfexec ppriv -De /u01/apps/bin/logLvl
    ppriv[6658]: missing privilege "file_dac_execute" (euid = 2000, syscall = 59) needed at ufs_access+0x3c
    ppriv: /u01/apps/dncs/bin/logLvl: Permission denied

My questions are:

* Why is it that I don't have execute privilege? Should privs=all take care of this?
* When does the command (logLvl here) actually run as euid=app?

My setup and understanding may be completely off base here, so please point me in the right direction.

Thanks in advance.

-- prasad
--
This message posted from opensolaris.org
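An added example (not part of the original post, and not Solaris code): a small cross-check of the three RBAC entries quoted above, following the chain user_attr profile name -> prof_attr definition -> exec_attr command entry. It is a simplified lookup that assumes one record per line and ignores supplementary profiles, wildcard paths and policy.conf defaults; the function names are hypothetical.

```python
# Sample input: the three entries as quoted in the post above.
EXEC_ATTR = "App Log Management:solaris:cmd:::/u01/apps/bin/logLvl:euid=app;egid=app;privs=all\n"
PROF_ATTR = "App Log Management:::Manage App Logs:\n"
USER_ATTR = "pjlv::::type=normal;profiles=App Management\n"

def parse_attrs(field):
    """Turn 'k=v;k=v' into a dict."""
    return dict(kv.split("=", 1) for kv in field.split(";") if "=" in kv)

def records(text, nfields):
    """Yield colon-separated records, skipping blanks and comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split(":", nfields - 1)

def user_profiles(user_attr, user):
    """Profiles listed for `user` in user_attr (user:qualifier:res1:res2:attr)."""
    for name, _q, _r1, _r2, attr in records(user_attr, 5):
        if name == user:
            listed = parse_attrs(attr).get("profiles", "")
            return [p.strip() for p in listed.split(",") if p.strip()]
    return []

def resolve(user, command, user_attr, prof_attr, exec_attr):
    """Return (exec attributes or None, list of consistency findings)."""
    defined = {rec[0] for rec in records(prof_attr, 5)}
    execs = {}
    # exec_attr: name:policy:type:res1:res2:id:attr
    for prof, _pol, typ, _r1, _r2, path, attr in records(exec_attr, 7):
        if typ == "cmd":
            execs.setdefault(prof, {})[path] = parse_attrs(attr)
    findings, match = [], None
    for prof in user_profiles(user_attr, user):
        if prof not in defined:
            findings.append(f"profile {prof!r} assigned to {user} is not in prof_attr")
        if match is None and command in execs.get(prof, {}):
            match = execs[prof][command]
    if match is None:
        findings.append(f"no exec_attr entry for {command} in any profile of {user}")
    return match, findings

if __name__ == "__main__":
    attrs, problems = resolve("pjlv", "/u01/apps/bin/logLvl",
                              USER_ATTR, PROF_ATTR, EXEC_ATTR)
    print("exec attributes:", attrs)
    for p in problems:
        print("finding:", p)
```

When the lookup returns no attributes, the command would be started with the caller's own credentials, so ordinary file permission checks apply to it.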