Patch-ID# 118015-01 Keywords: sunray failover privilege profile Synopsis: Trusted_Solaris_8_HW_7/03: exec_attr patch Date: Sep/02/2004 Install Requirements: None Solaris Release: Trusted_Solaris_8_HW_7/03 SunOS Release: Trusted_Solaris_8_HW_7/03 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 118016 Topic: Trusted_Solaris_8_HW_7/03: exec_attr patch Relevant Architectures: sparc BugId's fixed with this patch: 5065635 5074088 Changes incorporated in this version: 5065635 5074088 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /etc/security/exec_attr Problem Description: 5065635 utgroupsig feature does not work in Trusted Solaris 5074088 Remove duplicate Device Security line for kbd added in sccs v 1.5 of exec_attr Patch Installation Instructions: -------------------------------- Refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Trusted Solaris. Any other special or non-generic installation instructions should be described below as special instructions. For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- NOTE: It is recommended to save a copy of the /etc/security/exec_attr file before installing this patch. A version of /etc/security/exec_attr is saved in the /var/sadm/pkg/SUNWcsr/save directory as exec_attr.118015-01 (or newer) Subsequent patch removals and installations of the same patch will result in overwriting the saved copy in this directory. The installation of this patch will merge the current version of the /etc/security/exec_attr file and new changes from the patch. Any custom modifications made in the current /etc/security/exec_attr file will remain after the patch is installed. The patch removal process will not restore the /etc/security/exec_attr file to the state before the patch installation; it will leave the /etc/security/exec_attr file untouched, in the exact state before the patch removal. The steps below assume the patch has been put into an ADMIN_LOW directory in /var/tmp and the patch file label is configured to ADMIN_LOW. Create a role which contains the Software Installation profile (typically admin role is assigned this profile) and whose label range includes the ADMIN_LOW label. All the steps in the patch installation should be executed at ADMIN_LOW. The patch should be owned by this role. 1) Login as a user authorized to assume a role that contains the Software Installation profile; typically the admin role. Assume that role. To verify the profile is assigned to the role, type: "profiles -l | grep patchadd". The result should be: /usr/sbin/patchadd uid=0, privs=all, label=admin_low 2) cd into /var/tmp and install the patch file. # cd /var/tmp # patchadd /var/tmp/ where is the patch number. Special Backout Instructions: ----------------------------- 1) Login as a user authorized to assume a role that contains the Software Installation profile; typically the admin role. Assume that role. To verify the profile is assigned to the role, type: "profiles -l | grep patchrm". The result should be: /usr/sbin/patchrm uid=0, privs=all, label=admin_low 2) Backout patch by typing: # patchrm where is the patch number. README -- Last modified date: Thursday, September 2, 2004