max at bruningsystems.com writes: > # usermod -K 'limitpriv=all,!sys_time' root > > This works fine. Root can no longer set the date. However, the > service (which runs as root) is > still quite happy to change the date. So, the question is: When do the > privileges take effect > when using usermod? Is this only on login? Is there a way to set > privileges for all root id > processes, including processes started from SMF?
usermod only deals with login; services started by SMF or by set-uid executables need to have privileges set as needed. -- James Carlson, Solaris Networking <james.d.carlson at sun.com> Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
