Tomas Zeman wrote:
> Note the plugin configuration is sensitive and should be readable only for
> solaris.audit.config authorization.

I disagree with that statement.  You are effectively moving 
audit_control(4) data into SMF.  In snv_56 bug 6494262 was fixed, which 
made audit_control a world readable file, where it was previously only 
root readable.  This change was done so that applications that need to see 
that audit configuration didn't need uid == 0 or file_dac_read.  If the 
plugin configuration uses a sensitive property (i.e. those defined in 
PSARC/2007/177) and an authorisation is needed you have effectively 
reverted the fix that 6494262 put in place - but it is now complex in a 
different way because authorisations are given to users, whereas the 
previous case needed privileges which apply to processes.

--
Darren J Moffat
