>It is definitely not pretty which is why I filed this:
>
>6192137 need ability to remove individual user authorizations
>
>This title should be changed however to remove both auths and
>profiles.

Perhaps a profiles terminator "None" or some such could work for this
purpose (use only the profiles explicitly listed).

And for auths, I think you want a negation.

>> (In this particular case I allow the use of the file_dac_read privilege
>> solely for the file /etc/shadow)
>
>Now this is some very cool stuff! When can I get to play with it???

In due course unless you want to bfu a prototype (which needs a little
bit of polishing perhaps before it is consumer grade).

>No, it is more than that. The audit portion of this would be useful
>as it would integrate into a customer's audit framework (or tools
>that they layer on top of Solaris audit). The goal would be to better
>understand what actions are being taken on their systems - by their
>users/roles as well as services.

So should the audit record include the contract id and the service that
maps to?

Casper