James Carlson wrote:
> That's it exactly.  The GUI that will be running won't have any
> special privileges, but the user will have authorizations (through
> some means) to perform the necessary actions.  nwamd (which does run
> with elevated privileges) needs to check that the user's command is
> valid.
> 
> Thanks; I'll give chkauthattr(3SECDB) a try.

Just to complete the picture, the "some means" is quite likely the new 
"Console User" RBAC profile that is automatically granted to users on 
/dev/console.  It was designed for exactly this type of use case.

-- 
Darren J Moffat

Reply via email to