> Mike DeMarco wrote: > > ppriv -eD /usr/sbin/ifconfig iwk0 plumb > > ifconfig[1902]: missing privilege "ALL" (euid = > 504, syscall = 5) needed at > devfs_unlocked_access+0x7d > > ifconfig[1902]: missing privilege "ALL" (euid = > 504, syscall = 5) needed at > devfs_unlocked_access+0x7d > > ifconfig[1902]: missing privilege "ALL" (euid = > 504, syscall = 5) needed at > devfs_unlocked_access+0x7d > > ifconfig: cannot open link "iwk0": Permission > denied > > > > How do I define "ALL" in user_attr? > > This does not make sense to me, Enlightenment > needed. > > Using the keyword "all" as in "privs=all". :-) > > There are some operations that require all > privileges, rather than a > single specific privilege. Generally these are > operations that can allow > you to acquire arbitrary privileges, so the > operations require that you > already have all privileges in order to prevent > escalation. Two common > examples are opening /dev/kmem (you could alter > process privileges by > changing kernel data structures) or modifying > root-owned files (which > may control system configuration). > > The other way to specify all privileges is to specify > uid=0 for a > command that is not privilege aware, like ifconfig. > That's what the > Network Management profile does for ifconfig: > > Network > k Management:solaris:cmd:::/sbin/ifconfig:uid=0 > > So the best answer to your question is to add Network > Management to the > user's list of profiles in user_attr and then invoke > ifconfig from a > profile shell or using pfexec. > > Scott > > _______________________________________________ > security-discuss mailing list > security-discuss at opensolaris.org
I am able to configure standard NICs just not the wifi. I have the Network wifi management in the profile but still no luck profiles=Network Wifi Management,Web Console Management,ALL;lock_after_retries=no;clearance=admin_high;min_label=admin_low This message posted from opensolaris.org
