dennis mathews wrote:
> Has anyone come across their RBAC files ( 200906 - 111b ) being
> reduced from around 60-odd entries to less than 5 ? Are these files
> auto-generated now by any chance ?
> 
> Below is the full contents of the files. Incidentally exec_attr still
> has all its contents. I know this because I've got the fresh
> installs bootenv.
> 
> $ cat /etc/security/auth_attr
> solaris.cluster.admin:::Manage Quorum Server Daemons::
> solaris.cluster.read:::Print Quorum Server Configuration::
> solaris.smf.manage.zfs-auto-snapshot:::Manage the ZFS Automatic Snapshot Service::
> 
> $ cat /etc/security/prof_attr
> Basic Solaris User::::auths=solaris.cluster.read
> Quorum Server Management::::auths=solaris.cluster.admin

It appears that some package you installed delivered copies of prof_attr 
and auth_attr, which overwrote the original versions. You should be able 
to find the package(s) that delivered these files with two commands:

$ pkg search -l /etc/security/prof_attr [for IPS packages]
$ grep prof_attr /var/sadm/install/contents [for SVr4 packages]

Here's what should have happened:

1. Historically SVr4 packages delivered fragments of the RBAC database 
files using the regular pathname (e.g. /etc/security/prof_attr) but 
specifying i.rbac as the action script to use to install the file. That 
script merged the new fragment into the existing file rather than 
overwriting it.

2. IPS packages deliver the fragments as separate files in a special 
directory, and the SMF service svc:/system/rbac:default merges the 
fragments using the same i.rbac script.

It appears that your files were overwritten by a package that delivers 
RBAC database fragments but does not use either of the methods above. 
All of the ill effects you observed (missing shutdown option, inability 
to use pfexec to run with privilege) are direct results of overwriting 
those files.

        Scott

-- 
Scott Rotondo
Principal Engineer, Solaris Security Technologies
President, Trusted Computing Group
Phone/FAX: +1 408 850 3655 (Internal x68278)
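The merge-versus-overwrite distinction Scott describes, as an added shell example that is not part of the original thread and not the Solaris i.rbac script: a simplified keyed merge of an RBAC fragment into an existing database file, run against constructed sample entries. The awk merge is an assumption about how a fragment merge behaves (replace same-keyed entries, append new ones), not a copy of i.rbac.

```shell
#!/bin/sh
# Added example, not the Solaris i.rbac script: a simplified merge of an RBAC
# database fragment into an existing file, keyed on the first colon-separated
# field, beside the plain overwrite seen in the thread. Sample entries are
# constructed for illustration.

# rbac_merge EXISTING FRAGMENT: print EXISTING with FRAGMENT applied. Keys already
# present are replaced in place, new keys are appended, comments are kept.
rbac_merge() {
    awk -F: '
        FILENAME == ARGV[1] { if ($0 !~ /^#/ && $0 != "") frag[$1] = $0; next }
        /^#/ || $0 == ""   { print; next }
        ($1 in frag)       { print frag[$1]; delete frag[$1]; next }
                           { print }
        END                { for (k in frag) print frag[k] }
    ' "$2" "$1"
}

# rbac_entry_count FILE: number of entries that are neither comments nor blank.
rbac_entry_count() {
    grep -cv -e '^#' -e '^$' "$1" || true
}

# rbac_demo: constructed files in a temp dir; prints "<entries after overwrite>
# <entries after merge>" so the loss caused by a plain copy is visible.
rbac_demo() {
    dir=$(mktemp -d)
    cat > "$dir/auth_attr" <<'EOF'
# Constructed stand-in for a full auth_attr (a real one has ~60 entries)
solaris.:::All Solaris Authorizations::
solaris.system.shutdown:::Shutdown the System::
solaris.admin.usermgr.:::User Accounts::
EOF
    cat > "$dir/auth_attr.frag" <<'EOF'
solaris.cluster.admin:::Manage Quorum Server Daemons::
solaris.cluster.read:::Print Quorum Server Configuration::
solaris.system.shutdown:::Shutdown the System (updated)::
EOF
    # What the thread describes: the fragment copied over the whole file.
    cp "$dir/auth_attr.frag" "$dir/auth_attr.overwritten"
    # What i.rbac-style merging gives: old entries kept, fragment applied.
    rbac_merge "$dir/auth_attr" "$dir/auth_attr.frag" > "$dir/auth_attr.merged"
    printf '%s %s\n' "$(rbac_entry_count "$dir/auth_attr.overwritten")" \
                     "$(rbac_entry_count "$dir/auth_attr.merged")"
    rm -rf "$dir"
}
```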
