[OmniOS-discuss] user_attr.d directory shipped, but not functional

Lauri Tirkkonen lotheac at iki.fi
Fri Aug 29 06:55:11 UTC 2014


I don't know whether this is a distribution bug or exists in upstream
illumos so I'm reporting it here.

I assumed since the base install, i.e. pkg:/SUNWcs, ships
{auth,exec,prof,user}_attr.d directories and a file in them, that you
could drop a file in one of them and have it function similarly to
appending to the _attr file. This is, however, not the case for at least
user_attr:

gutsman /etc # useradd foo
gutsman /etc # auths foo                          
solaris.admin.wusb.read,solaris.device.cdrw,solaris.device.mount.removable,solaris.mail.mailq,solaris.profmgr.read
gutsman /etc # echo 'foo::::type=normal;auths=bar' > user_attr.d/foo
gutsman /etc # auths foo
solaris.admin.wusb.read,solaris.device.cdrw,solaris.device.mount.removable,solaris.mail.mailq,solaris.profmgr.read
gutsman /etc # cat user_attr.d/foo >> user_attr
gutsman /etc # auths foo                       
bar,solaris.admin.wusb.read,solaris.device.cdrw,solaris.device.mount.removable,solaris.mail.mailq,solaris.profmgr.read

A quick look also didn't turn up any code that would handle these
directories (but I can be wrong). I think that these directories should
not be shipped at all -- it could lead to security problems in the worst
case (think shipping a setuid binary and a file in exec_attr.d to set
Forced Privilege on it; I actually did this in one of our packages but I
guess it's probably not limiting privileges at all).

The .d directories are not referenced in any manual pages, though; it's
still a bad idea to ship files which serve no purpose (as far as I
can tell :) and may confuse users.

-- 
Lauri Tirkkonen | +358 50 5341376 | lotheac @ IRCnet
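
Added example, not part of the original post and not OmniOS or illumos code: a shell function that lists entries present only in an _attr.d drop-in directory and absent from the matching flat _attr file, which is the state the session above shows having no effect. The function name unmerged_entries and the exact-line comparison are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Report drop-in entries that are missing from the flat RBAC database file.
# Assumption: an entry counts as merged only when the identical physical
# line is present in the flat file (no handling of backslash continuations).
#
# Usage, with the paths used in the session above:
#   unmerged_entries /etc/user_attr /etc/user_attr.d

# unmerged_entries DB_FILE DROPIN_DIR
# Prints "dropin-file: entry" for every unmerged entry.
# Returns 1 if at least one unmerged entry was found, 0 otherwise.
unmerged_entries() {
    db=$1
    dir=$2
    found=0

    # No drop-in directory means nothing can be unmerged.
    [ -d "$dir" ] || return 0

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # The "|| [ -n ... ]" also picks up a last line without a newline.
        while IFS= read -r line || [ -n "$line" ]; do
            # Skip blank lines and comments.
            case $line in
                ''|'#'*) continue ;;
            esac
            # -F: fixed string, -x: whole-line match, -q: quiet.
            # A missing or unreadable DB_FILE counts as "not merged".
            if ! grep -Fxq -- "$line" "$db" 2>/dev/null; then
                printf '%s: %s\n' "$f" "$line"
                found=1
            fi
        done < "$f"
    done

    return "$found"
}
```

A non-zero return on a system where the drop-in directories are not processed means a package or administrator has shipped RBAC entries that are not in force.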

