Hi, James Carlson wrote: > max at bruningsystems.com writes: > >> # usermod -K 'limitpriv=all,!sys_time' root >> >> This works fine. Root can no longer set the date. However, the >> service (which runs as root) is >> still quite happy to change the date. So, the question is: When do the >> privileges take effect >> when using usermod? Is this only on login? Is there a way to set >> privileges for all root id >> processes, including processes started from SMF? >> > > usermod only deals with login; services started by SMF or by set-uid > executables need to have privileges set as needed. > Thanks everyone. I hadn't thought how easy it would be to brickify the system if this was allowed for smf services.
max
