/usr/bin/pfexec -P privspec command [ arg ]...
/usr/bin/pfsh [ options ] [ argument ]...
/usr/bin/pfcsh [ options ] [ argument ]...
/usr/bin/pfksh [ options ] [ argument ]...
Profiles are searched in the order specified in the user's entry in the user_attr(5) database. If the same command appears in more than one profile, the profile shell uses the first matching entry.
The second form, pfexec -P privspec, allows a user to obtain the additional privileges awarded to the user's profiles in prof_attr(5). The privileges specification on the commands line is parsed using priv_str_to_set(3C). The resulting privileges are intersected with the union of the privileges specified using the "privs" keyword in prof_attr(5) for all the user's profiles and added to the inheritable set before executing the command.
For pfexec to function correctly, the pfexecd daemon must be running in the current zone. This is normally managed by the "svc:/system/pfexec:default" SMF service (see smf(7)).
example% pfexec -P all chown user file
This command runs chown user file with all privileges assigned to the current user, not necessarily all privileges.
|July 8, 2016||OmniOS|