dennis mathews wrote:
> Has anyone come across their RBAC files ( 200906 - 111b ) being
> reduced from around 60-odd entries to less than 5 ? Are these files
> auto-generated now by any chance ?
>
> Below is the full contents of the files. Incidentally exec_attr still
> has all its contents. I know this because I've got the fresh
> install's bootenv.
>
> $ cat /etc/security/auth_attr
> solaris.cluster.admin:::Manage Quorum Server Daemons::
> solaris.cluster.read:::Print Quorum Server Configuration::
> solaris.smf.manage.zfs-auto-snapshot:::Manage the ZFS Automatic Snapshot Service::
>
> $ cat /etc/security/prof_attr
> Basic Solaris User::::auths=solaris.cluster.read
> Quorum Server Management::::auths=solaris.cluster.admin

It appears that some package you installed delivered copies of prof_attr
and auth_attr, which overwrote the original versions. You should be able
to find the package(s) that delivered these files with two commands:

$ pkg search -l /etc/security/prof_attr   [for IPS packages]
$ grep prof_attr /var/sadm/install/contents   [for SVr4 packages]

Here's what should have happened:

1. Historically SVr4 packages delivered fragments of the RBAC database
files using the regular pathname (e.g. /etc/security/prof_attr) but
specifying i.rbac as the action script to use to install the file. That
script merged the new fragment into the existing file rather than
overwriting it.

2. IPS packages deliver the fragments as separate files in a special
directory, and the SMF service svc:/system/rbac:default merges the
fragments using the same i.rbac script.

It appears that your files were overwritten by a package that delivers
RBAC database fragments but does not use either of the methods above.
All of the ill effects you observed (missing shutdown option, inability
to use pfexec to run with privilege) are direct results of overwriting
those files.

Scott
--
Scott Rotondo
Principal Engineer, Solaris Security Technologies
President, Trusted Computing Group
Phone/FAX: +1 408 850 3655 (Internal x68278)
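
[Added example, not part of the original message and not the real i.rbac script: a simplified shell sketch of the merge-versus-overwrite behaviour described above, plus a check that lists entries a live RBAC file has lost relative to a reference copy. The function names, the keep-existing rule on key collisions and the two-entry "original" file are assumptions made for illustration; the fragment is the auth_attr content quoted in the post.]

```shell
#!/bin/sh
# Added illustration, not the real i.rbac script: merge an RBAC fragment into
# an existing database file, and detect entries lost to an overwrite.

# new_entries BASE OTHER: print entries of OTHER whose key (first
# colon-separated field) does not occur in BASE. Comments are skipped.
new_entries() {
    awk -F: -v base="$1" '
        BEGIN {
            while ((getline line < base) > 0)
                if (line !~ /^#/ && split(line, f, ":") > 1) have[f[1]] = 1
            close(base)
        }
        /^#/ || NF < 2 { next }
        !($1 in have) { print; have[$1] = 1 }
    ' "$2"
}

# rbac_merge EXISTING FRAGMENT: the existing file plus only the entries the
# fragment adds. Assumption: on a key collision the existing entry is kept.
rbac_merge() { cat "$1"; new_entries "$1" "$2"; }

# rbac_missing REFERENCE LIVE: keys the reference copy has but LIVE has lost.
rbac_missing() { new_entries "$2" "$1" | cut -d: -f1; }

demo_dir=$(mktemp -d)
# Constructed stand-in for the original auth_attr (normally 60-odd entries).
cat > "$demo_dir/auth_attr.orig" <<'EOF'
# constructed sample
solaris.system.shutdown:::Shutdown the System::
solaris.system.date:::Set Date & Time::
EOF
# The three entries quoted in the post, treated as a package fragment.
cat > "$demo_dir/fragment" <<'EOF'
solaris.cluster.admin:::Manage Quorum Server Daemons::
solaris.cluster.read:::Print Quorum Server Configuration::
solaris.smf.manage.zfs-auto-snapshot:::Manage the ZFS Automatic Snapshot Service::
EOF

cp "$demo_dir/fragment" "$demo_dir/auth_attr.clobbered"   # what happened
rbac_merge "$demo_dir/auth_attr.orig" "$demo_dir/fragment" \
    > "$demo_dir/auth_attr.merged"                        # what should have

echo "lost after overwrite:"
rbac_missing "$demo_dir/auth_attr.orig" "$demo_dir/auth_attr.clobbered"
echo "lost after merge:"
rbac_missing "$demo_dir/auth_attr.orig" "$demo_dir/auth_attr.merged"
```

[On a real system, rbac_missing would take the auth_attr or prof_attr from the fresh-install boot environment as REFERENCE and the file under /etc/security as LIVE.]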