[prev in list] [next in list] [prev in thread] [next in thread] 

List:       illumos-discuss
Subject:    Re: [discuss] is_setuid and pfexec
From:       "Garrett D'Amore" <garrett () damore ! org>
Date:       2016-03-11 22:54:21
Message-ID: CFC9D1DB-084C-434E-A338-DC1FCC006EA9 () damore ! org
[Download RAW message or body]

I suggest you have a look at exec_attr. 

Sent from my iPhone

> On Mar 11, 2016, at 2:15 PM, Alexander Pyhalov <alp@rsu.ru> wrote:
> 
> Thanks, Can I ask one more stupid question?
> 
> I'm trying to make brasero work out of the box with CD devices, and it seems that \
> in any case for my profiles to be accounted for I have to use pfexec. Creating \
> privileges set and setppriv(PRIV_SET,PRIV_EFFECTIVE,pPrivSet) is not enough. Is it \
> correct or do I miss something? 
> I mean something like
> 
> static int setprivs(){
> priv_set_t *pPrivSet;
> 
> if(geteuid()==0){
> g_warning("Running with euid 0, assuming you know what you are doing");
> return 0;
> }
> 
> if ((pPrivSet = priv_allocset()) == NULL) {
> return 1;
> }
> 
> priv_basicset(pPrivSet);
> 
> if(priv_addset(pPrivSet,PRIV_SYS_DEVICES)) {
> return 2;
> };
> 
> if(setppriv(PRIV_SET,PRIV_EFFECTIVE,pPrivSet)) {
> return 3;
> }
> 
> /* CLI tools should also be able to use USCSICMD ioctls */
> if(setppriv(PRIV_SET,PRIV_INHERITABLE,pPrivSet)) {
> return 4;
> }
> 
> priv_freeset(pPrivSet);
> 
> return 0;
> }
> 
> int main() {
> ...
> setprivs();
> ...
> }
> doesn't work without pfexec.
> 
> ---
> System Administrator of Southern Federal University Computer Center
> 
> 


-------------------------------------------
illumos-discuss
Archives: https://www.listbox.com/member/archive/182180/=now
RSS Feed: https://www.listbox.com/member/archive/rss/182180/25758063-6f7f4185
Modify Your Subscription: \
https://www.listbox.com/member/?member_id=25758063&id_secret=25758063-83fb4fd4 \
Powered by Listbox: http://www.listbox.com


[prev in list] [next in list] [prev in thread] [next in thread]