I guess that this is my 3rd post to this list in the same light, but I figure
maybe the 3rd times a charm, as I have not seen any responses to my previous
posts. I guess it is possible that no one is messing with this level of
authorization. From what I read, these methods are going away in the next
major release as they move to the authentication broker.
In a default install, the methods_deny file contains ALL : ALL, which I believe
to be analogous to any:any drop in the firewall world. If I comment out this
ALL : ALL line, my non-root user can perform the commands that I was previously
denied using (bppllist, bperror, and bpimmedia). Any ideas what other "evils"
I may be opening myself up to by commenting out ALL : ALL. I don't believe
that I have opened up access to everyone, as most of the non-root use is
controlled by the authorized.txt file.
I also tried to create a Solaris RBAC role for a non-root user to issue some
NetBackup commands, but I still got the userid is not superuser (140) error,
even though the role sets the UID/GID to 0.
Thoughts?
-Kyle
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
|