Are you able to specify a the profile you want to use in pfexec?
Posted
by jigjig
on Server Fault
See other posts from Server Fault
or by jigjig
Published on 2010-06-09T22:55:26Z
Indexed on
2010/06/09
23:02 UTC
Read the original article
Hit count: 205
opensolaris
|rbac
Are you able to specify which profile you want to use for a given user when using pfexec who has been assigned multiple profiles?
One example for this use is so that we can execute a command as a different user within the same process. In exec_attr, you are able to specify the uid/gid that will be used to execute a particular command as in the following example entry:
Name Service Security:suser:cmd:::/usr/sbin/rpc.nsid:uid=0;gid=0
The above profile will use the super user (uid=0) to execute the rpc.nsid command.
In user_attr, you can specify multiple profiles as below: testuser::::type=normal;profiles=Name Service Security,Object Access Management
Can you then specify directly to use the Object Access Management profile to pfexec?
© Server Fault or respective owner