Friday January 14, 2005
alanc @ sun.com
Alan Coopersmith’s blog
Random thoughts of a disorganized mind...
(and though it should be obvious, while Sun pays me to think about things, they disclaim any responsibility for these thoughts, nor do I claim what I say matches in any way what Sun thinks)
Loading...
Friday January 14, 2005
The "Desktop Configuration" rights profile in Solaris 10
Solaris ships with several X configuration utilities which require additional privileges to run. To allow selected users to run these without having to have the root password, an RBAC (Role Based Access Control) rights profile has been created with the name "Desktop Configuration". Users with the rights granted by this profile can do these things normally requiring root privileges, starting in Solaris 10 (build s10_73 and later):
- Change the SMF configuration for the X11 & font services (I'll talk more about these in a future blog entry)
- Have
xorgconfigsave the configuration output to/etc/X11/xorg.conf - Run
scanpcito see the PCI devices available on the system.
/etc/user_attr:
alanc::::profiles=Desktop ConfigurationI can then login as alanc and run svccfg to change the X server options or run pfexec /usr/X11/bin/scanpci to see the list of PCI devices in the system. If correctly configured, when the user runs the auths command, they should see the solaris.smf.manage.x11 and solaris.smf.manage.font authorizations listed. For more information on using RBAC and rights profiles, see the manual Solaris 10 System Administrator Collection > System Administration Guide: Security Services.
[See more blogs and links on Solaris at Technorati Tag: Solaris]
Posted at 05:55PM Jan 14, 2005 by Alan Coopersmith in Solaris |
Comments:
Subscribe!
