Scott Rotondo writes:
> James Carlson wrote:
> > Are there other alternatives that I'm missing? Perhaps something
> > simpler?
>
> If you want to determine whether the _user_ has the right to do
> something, the usual approach is to check for an authorization rather
> than a privilege. You would use chkauthattr() for that.

Ah, OK. Too bad that function doesn't take a numeric UID (or a
ucred_t), but I can deal with the string translation problem.

> Krishna Yenduri wrote:
> > You can use the following calls to do that -
> >     door_ucred(&cred);
> >     ucred_getprivset(cred, pset);
> >     priv_ismember(pset, PRIV_SYS_NET_CONFIG);
> >
> > nscd code is a good example.
>
> That will tell you if the calling _process_ has this privilege, but if I
> understand the situation correctly, we already know that it does not.
> The proposal above was to examine the user's profile entries to
> determine if he could potentially run a process with this privilege, but
> that's not consistent with the way we usually determine the rights a
> user has.

That's it exactly. The GUI that will be running won't have any
special privileges, but the user will have authorizations (through
some means) to perform the necessary actions. nwamd (which does run
with elevated privileges) needs to check that the user's command is
valid.

Thanks; I'll give chkauthattr(3SECDB) a try.

-- 
James Carlson, Solaris Networking <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
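The check discussed in this thread, as an added example that is not part of the original message or of nwamd: a door server takes the caller's UID from the door credential, translates it to a login name, and passes that name to chkauthattr(), denying on every failure. The function names `uid_to_name` and `door_caller_authorized`, the buffer sizes, and the choice of the real UID are assumptions; the thread names no specific authorization, so the caller supplies it.

```c
/* Added example: authorize the *user* behind a door call, not the process. */
#define _POSIX_PTHREAD_SEMANTICS   /* POSIX getpwuid_r() prototype on Solaris */
#include <pwd.h>
#include <string.h>
#include <sys/types.h>

/* The "string translation": numeric UID -> login name.
 * Returns 0 on success, -1 if the UID is unknown or the name does not fit. */
int uid_to_name(uid_t uid, char *name, size_t len)
{
    struct passwd pw, *res = NULL;
    char buf[4096];
    size_t n;

    if (getpwuid_r(uid, &pw, buf, sizeof buf, &res) != 0 || res == NULL)
        return -1;
    n = strlen(res->pw_name);
    if (n == 0 || n >= len)
        return -1;
    memcpy(name, res->pw_name, n + 1);
    return 0;
}

#ifdef __sun   /* doors, ucred and secdb exist only on Solaris; link -lsecdb */
#include <door.h>
#include <ucred.h>
#include <auth_attr.h>
#include <secdb.h>

/* Call from inside a door server procedure. Returns 1 only when the calling
 * user holds `authname`; every failure path denies. */
int door_caller_authorized(const char *authname)
{
    ucred_t *cred = NULL;
    char user[256];
    uid_t uid;

    if (door_ucred(&cred) != 0)
        return 0;
    /* Assumption: the real UID identifies the person driving the GUI. */
    uid = ucred_getruid(cred);
    ucred_free(cred);
    if (uid == (uid_t)-1 || uid_to_name(uid, user, sizeof user) != 0)
        return 0;
    return chkauthattr(authname, user) != 0;
}
#endif
```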