Hi Dennis,
You might get some better advice from indiana-discuss or install-discuss.
I think you are saying that you were running the OSOL 2009.06 (111b)
release and then upgraded to a later build.
Are you saying that these files were truncated when you updated
to the later build?
Can you boot to the previous BE to see if the RBAC files are
still intact?
The reason you can't pfexec is that your profiles were truncated.
This is probably the cause of why the shutdown button disappeared.
A previous bug removed the shutdown button from the liveCD, but I don't
think this is same bug. I have also not seen files truncated as part
of an upgrade.
Thanks,
Cindy
On 11/18/09 22:05, dennis mathews wrote:
Has anyone come across their RBAC files ( 200906 - 111b ) being reduced from
around 60-odd entries to less than 5 ? Are these files auto-generated now by
any chance ?
Below is the full contents of the files. Incidentally exec_attr still has all
it's contents. I know this because I've got the fresh installs bootenv.
$ cat /etc/security/auth_attr
solaris.cluster.admin:::Manage Quorum Server Daemons::
solaris.cluster.read:::Print Quorum Server Configuration::
solaris.smf.manage.zfs-auto-snapshot:::Manage the ZFS Automatic Snapshot
Service::
$ cat /etc/security/prof_attr
Basic Solaris User::::auths=solaris.cluster.read
Quorum Server Management::::auths=solaris.cluster.admin
Looks very strange. I can't run pfexec anymore
pfexec /usr/bin/cat /etc/shadow
/usr/bin/cat: can't get execution attributes
$profiles
Primary Administrator
Console User
Basic Solaris User
.. but none of these profiles have any entries in /etc/security/prof_attr
$auths
solaris.device.cdrw,solaris.cluster.read
auths on the fresh install was solaris.*
I have never tried directly editing these files nor have I changed any default
profiles, or RBAC settings, so I'm confused how this might have happened. Could
an update has caused this ?
Possibly related to this is that my shutdown option from the menu has
dissappeared.
_______________________________________________
sysadmin-discuss mailing list
sysadmin-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss
