Are you able to specify a the profile you want to use in pfexec?

Posted by jigjig on Server Fault See other posts from Server Fault or by jigjig
Published on 2010-06-09T22:55:26Z Indexed on 2010/06/09 23:02 UTC
Read the original article Hit count: 205

Filed under:
|

Are you able to specify which profile you want to use for a given user when using pfexec who has been assigned multiple profiles?

One example for this use is so that we can execute a command as a different user within the same process. In exec_attr, you are able to specify the uid/gid that will be used to execute a particular command as in the following example entry:

Name Service Security:suser:cmd:::/usr/sbin/rpc.nsid:uid=0;gid=0

The above profile will use the super user (uid=0) to execute the rpc.nsid command.

In user_attr, you can specify multiple profiles as below: testuser::::type=normal;profiles=Name Service Security,Object Access Management

Can you then specify directly to use the Object Access Management profile to pfexec?

© Server Fault or respective owner

Related posts about opensolaris

Related posts about rbac