OpenSolaris

Bug ID 6355756
Synopsis ppriv should be extended to have parity with C API (copying priv sets, checking priv presence)
State 1-Dispatched (Default State)
Category:Subcategory utility:proc
Keywords gse-sec-team | immutable-service-containers | ppriv | privileges
Reported Against
Duplicate Of
Introduced In
Commit to Fix
Fixed In
Release Fixed
Related Bugs
Submit Date 28-November-2005
Last Update Date 4-September-2008
Description
A shell script (for example, an SMF start method) that wants to manage its own privileges can easily remove or add individual privileges from its sets by using the "ppriv -s {EIL}-priv_name" syntax.

However, restoring its inheritable or effective set to have the maximum set of privileges requires parsing the output of ppriv (which is Uncommitted, so doing this is not ideal), for example:

/usr/bin/ppriv -s $(echo I=$(ppriv -S $$ | nawk -F": " '/P:/ { print $2 }' )) $$

The addition of keywords representing the different sets would simplify this:

ppriv -s I=permitted $$

(where the keywords refer to the privilege sets of the process being manipulated).

This would give scripted applications parity with the C API's "setppriv(PRIV_SET, PRIV_EFFECTIVE, getppriv(PRIV_PERMITTED))" and similar use.

The second function that would be useful is the addition of the equivalent of "priv_ineffect(const char *priv)". This would let SMF start methods be smarter about how they handle the presence or absence of specific privileges.

Assume a service that can run in one mode if it runs with privilege set X, but can run in another mode if it also has privilege priv_foo. The start method could check the configuration file; if priv_foo is absent from the process but the keyword enabling it is present in the manifest or configuration file, the method could return SMF_EXIT_ERR_CONFIG, giving the administrator a more useful error message than a failure later in the service.
Work Around
Currently the two possible ways of dealing with this are:

1/ invoking each command that does not need all permitted privileges via ppriv ("ppriv -s I=basic -e <command>"), or

2/ by copying over the permitted set by parsing the output of ppriv: /usr/bin/ppriv -s $(echo I=$(ppriv -S $$ | nawk -F": " '/P:/ { print $2 }' )) $$
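The following shell script is an added example, not part of this bug report and not ppriv's or SMF's own code. It shows, in plain Bourne shell, what the two requests above amount to today: the "copy the permitted set into the inheritable set" idiom from workaround 2/, and a shell-level priv_ineffect() check that a start method could use to return SMF_EXIT_ERR_CONFIG. It parses a constructed sample of `ppriv -S $$` output so that it runs anywhere; on Solaris you would pass the real output instead. The function names, the sample output, and the expansion assumed for the "basic" keyword are the example's own assumptions; SMF_EXIT_ERR_CONFIG is the value from /lib/svc/share/smf_include.sh.

```shell
#!/bin/sh
# Added example (not from the bug report): parse `ppriv -S` output in a
# start-method style script, implement the "copy P into I" idiom and a
# shell-level priv_ineffect() check.

# Constructed sample of `ppriv -S $$` output.  On Solaris you would use
#   PPRIV_OUT=$(ppriv -S $$)
# and pass "$PPRIV_OUT" to the functions below instead.
SAMPLE_PPRIV_OUT='12345:  /bin/sh
flags = <none>
        E: basic
        I: basic
        P: basic,file_dac_read
        L: all'

# Assumed expansion of the "basic" keyword (the basic set of this era);
# adjust to what `ppriv -l basic` reports on the target system.
BASIC_PRIVS="file_link_any,proc_exec,proc_fork,proc_info,proc_session"

# SMF exit codes, as defined in /lib/svc/share/smf_include.sh.
SMF_EXIT_OK=0
SMF_EXIT_ERR_CONFIG=96

# priv_set SET OUTPUT: print the named set (E, I, P or L) from ppriv -S output.
# Equivalent of the report's  ppriv -S $$ | nawk -F": " '/P:/ { print $2 }'
priv_set() {
    printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$1: //p"
}

# inheritable_from_permitted OUTPUT: build the "I=<permitted set>" argument
# that workaround 2/ constructs, i.e. the scripted form of
# setppriv(PRIV_SET, PRIV_INHERITABLE, getppriv(PRIV_PERMITTED)).
# On Solaris:  ppriv -s "$(inheritable_from_permitted "$(ppriv -S $$)")" $$
inheritable_from_permitted() {
    echo "I=$(priv_set P "$1")"
}

# priv_in_set PRIV SETSTR: succeed if PRIV is a member of a set string in the
# short form ppriv prints, e.g. "basic,file_dac_read", "all,!sys_admin" or
# "basic,!proc_info".  An explicit negation always wins.
priv_in_set() {
    case ",$2," in
        *",!$1,"*)          return 1 ;;
        *",$1,"*|*,all,*)   return 0 ;;
        *,basic,*)          case ",$BASIC_PRIVS," in *",$1,"*) return 0 ;; esac ;;
    esac
    return 1
}

# priv_ineffect PRIV OUTPUT: shell equivalent of priv_ineffect(3C), i.e. is
# PRIV in the effective set of the process whose ppriv -S output is OUTPUT.
priv_ineffect() {
    priv_in_set "$1" "$(priv_set E "$2")"
}

# check_mode_config ENABLED PRIV OUTPUT: the start-method logic sketched in
# the description.  ENABLED is "true" when the configuration requests the
# mode that needs PRIV; if that privilege is not in effect, report
# SMF_EXIT_ERR_CONFIG so the administrator sees a configuration error.
check_mode_config() {
    if [ "$1" = true ] && ! priv_ineffect "$2" "$3"; then
        echo "extended mode is enabled but privilege $2 is not in effect" >&2
        return $SMF_EXIT_ERR_CONFIG
    fi
    return $SMF_EXIT_OK
}

# Demonstration on the constructed output.
echo "permitted set: $(priv_set P "$SAMPLE_PPRIV_OUT")"
echo "ppriv argument to copy P into I: $(inheritable_from_permitted "$SAMPLE_PPRIV_OUT")"
if priv_ineffect proc_fork "$SAMPLE_PPRIV_OUT"; then echo "proc_fork is in effect"; fi
check_mode_config true file_dac_read "$SAMPLE_PPRIV_OUT" || echo "start method would exit $?"
```

On a real system only the construction of the ppriv output changes; the set strings are compared as ppriv prints them, so the "basic" and "all" keywords and negated privileges are handled without expanding the whole set, which is what the requested keywords would do for you inside ppriv itself.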
Comments
N/A