Ashok Nair wrote:
> Hi, 
> 
>  Couple of issues with SMF and RBAC on Solaris 10 6/06. 
> 
> 
> 1. auth names that don't start with solaris are not recognized in /etc/security/auth_attr

Not recognised by which tool(s) ?

If you mean as root you can't assign that authorisation using usermod(1M)
or smc(1M) then the system is working as designed.  That is because you 
must have the .grant variant of an authorisation in order to give it to 
another user.  For example:

# usermod -A foo.smf.manage.svcX.inst1 secadmin
UX: usermod: ERROR: foo.smf.manage.svcX.inst1 is not a valid 
authorization.  Choose another.

We see that root only has:

# auths root
solaris.*

To change this so that the 'foo' hierarchy can be given out by root you 
need to manually edit /etc/user_attr and add 'foo.*,foo.grant' to the 
list of auths that the root account has.

> 2. Not able to assign auths using rights profiles to roles 

> 
> # grep -i svcx /etc/security/prof_attr 
> svcX Administration::::Rights Profile used to manage svcX 
> service:auths=solaris.smf.manage.svcX/inst1,solaris.smf.modify.svcX/ 
> inst1:: 

You have too many ':' chars in that line; it should be (without line breaks):

svcX Administration:::Rights Profile used to manage svcX 
service:auths=solaris.smf.manage.svcX/inst1,solaris.smf.modify.svcX/inst1

You have an extra ':' after the profile name and two extra ':' chars at 
the end.

-- 
Darren J Moffat
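
The field-count problem pointed out in the reply above can be checked mechanically. The following is an added example, not part of the original thread: a POSIX shell function (check_prof_attr, a hypothetical name) that flags prof_attr(4) entries that do not have exactly five colon-separated fields (profname:res1:res2:desc:attr). The sample lines are the posted and the corrected entries from the thread, and the check assumes one entry per line with no backslash continuations.

```shell
#!/bin/sh
# Added example: validate the field layout of prof_attr(4) entries.
# Expected layout: profname:res1:res2:desc:attr  (res1 and res2 are empty).

# check_prof_attr [FILE...]
# Reads the named files (or stdin), prints one line per malformed entry and
# returns 1 if any entry is malformed, 0 otherwise.
# Assumption: one entry per line, no backslash continuation lines.
check_prof_attr() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        NF != 5 {
            printf "line %d: %d fields, expected 5: %s\n", NR, NF, $1
            bad++
            next
        }
        $2 != "" || $3 != "" {
            printf "line %d: reserved fields must be empty: %s\n", NR, $1
            bad++
            next
        }
        $5 != "" && $5 !~ /^[A-Za-z]+=/ {
            printf "line %d: attr field is not key=value: %s\n", NR, $1
            bad++
        }
        END { exit (bad > 0) }
    ' "$@"
}

# Constructed sample input: line 2 is the entry as posted in the thread
# (joined onto one line), line 3 is the corrected form from the reply.
sample_entries() {
    cat <<'EOF'
# constructed sample for check_prof_attr
svcX Administration::::Rights Profile used to manage svcX service:auths=solaris.smf.manage.svcX/inst1,solaris.smf.modify.svcX/inst1::
svcX Administration:::Rights Profile used to manage svcX service:auths=solaris.smf.manage.svcX/inst1,solaris.smf.modify.svcX/inst1
EOF
}

# Stand-alone run over the sample; on a real system pass the file instead,
# e.g. check_prof_attr /etc/security/prof_attr
sample_entries | check_prof_attr || echo "malformed entries found"
```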
