> James Carlson wrote:
> > That's it exactly. The GUI that will be running won't have any
> > special privileges, but the user will have authorizations (through
> > some means) to perform the necessary actions. nwamd (which does run
> > with elevated privileges) needs to check that the user's command is
> > valid.
> >
> > Thanks; I'll give chkauthattr(3SECDB) a try.
>
> Just to complete the picture, the "some means" is quite likely the new
> "Console User" RBAC profile that is automatically granted to users on
> /dev/console. It was designed for exactly this type of use case.
Indeed I designed and integrated Console User exactly to meet
what NWAM (and a couple other projects) wanted.
chkauthattr() is the answer.
Gary..
