Ludovic,

The use of ACLs is certainly a possibility. My concern is that many organizations (for good or bad reasons) do not have sufficient tools to deal with the management and auditing of ACLs which is why I wanted to go with the Unix owner/group method.

Also, to reply to another posting, user_attr is in /etc not /etc/security.

Jyri,

No, the webservd should only be used as the UID of the web server process. In the BluePrint and other demonstration environments that we have built, we typically use a webadm (role) to manage the service and a webop (role) to do basic things like start/stop/review logs/etc. These roles can then be assigned to those users that specifically need that level of access. You can see this implemented in a dual-zone model (based on Mark Thacker's HOWTO: Eliminating Web Page Hijacking Using Solaris 10 Security) in the presentation at:

http://www.opensolaris.org/os/community/security/files/CEC-SFT0062-Brunette.pdf

BTW, Mark's paper can be found at:

http://www.sun.com/software/solaris/howtoguides/s10securityhowto.pdf

As you will see in the paper, you can even further restrict what webop and webadm can do if you really want to take it that far by removing "Basic Solaris User" from the global policy and assigning just the commands you want them to run.

g

--
Glenn Brunette
Distinguished Engineer
Director, GSS Security Office
Sun Microsystems, Inc.
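
The role split described in the message above can be checked against the contents of /etc/user_attr. The following is an added example, not part of the original message or of any Sun code: a Python audit that reports who holds webadm and webop and flags any entry that makes webservd assumable by a person. The sample entries and the profile names in them are constructed placeholders, and the parser assumes one entry per line.

```python
# Constructed sample in /etc/user_attr format (user:qualifier:res1:res2:attr).
# Profile names are hypothetical placeholders, not real Solaris profiles.
SAMPLE_USER_ATTR = """\
# user:qualifier:res1:res2:attr
webadm::::type=role;profiles=Example Web Admin
webop::::type=role;profiles=Example Web Operator
alice::::type=normal;roles=webadm
bob::::type=normal;roles=webop,webservd
webservd::::type=role
"""

def parse_user_attr(text):
    """Return {name: {key: value}} for each well-formed entry."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)
        if len(fields) != 5:
            continue  # malformed entry, ignore it
        attrs = {}
        for pair in fields[4].split(";"):
            if "=" in pair:
                key, value = pair.split("=", 1)
                attrs[key.strip()] = value.strip()
        entries[fields[0]] = attrs
    return entries

def audit(entries, service_account="webservd", roles=("webadm", "webop")):
    """Return (holders per role, findings that break the role separation)."""
    holders = {role: [] for role in roles}
    findings = []
    # The service account should only be the UID of the web server process.
    if entries.get(service_account, {}).get("type") == "role":
        findings.append(f"{service_account} is defined as a role")
    for name, attrs in entries.items():
        assigned = [r.strip() for r in attrs.get("roles", "").split(",") if r.strip()]
        if service_account in assigned:
            findings.append(f"{name} can assume {service_account}")
        for role in assigned:
            if role in holders:
                holders[role].append(name)
        # A management account that is not type=role allows direct login.
        if name in roles and attrs.get("type") != "role":
            findings.append(f"{name} is not type=role")
    return holders, findings

if __name__ == "__main__":
    print(audit(parse_user_attr(SAMPLE_USER_ATTR)))
```
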
