1 Reply Latest reply: Aug 4, 2009 2:39 AM by abrante RSS

    Solaris Privs

    807567
      I have a question about the following from the man pages on privileges:

      PRIV_FILE_DAC_WRITE
      Allow a process to write a file or directory whose permission bits or ACL do not allow the process write permission. All privileges are required to write files owned by UID 0 in the absence of an effective UID of 0.

      I am unclear on what that means - I ask because of a truss output I collected on a process that appeared to be hung from the user's perspective but was burning up the cpu via top:

      stat("M$FST000.TMP", 0xFFFFFFFF7FFFD6E8) Err#2 ENOENT
      stat("M$FST000.TMP", 0xFFFFFFFF7FFFD830) Err#2 ENOENT
      open("M$FST000.TMP", O_RDWR|O_CREAT, 0666) Err#13 EACCES [file_dac_write]


      I did post a different question regarding this truss output - and do not intend to double post. I would simply like a description of the EACCESS (file_dac_write) error that is being returned in this example. My limited understanding of this would indicate that the process was attempting to create a file or directory with the specified permissions but failed because some element in the file ro dirs path was exclusively owned by root.

      Thanks -

      Mike
        • 1. Re: Solaris Privs
          abrante
          Yes, you are right. The EACCES indicates that the process is not allowed to open that file for writing. I guess that the [file_dac_write] indicates that the system, upon failure to write to the file, also checked if the user had the appropriate privilege (file_dac_write), which he didn't.

          You could take a look at the manpage for 'open' and see what it says about EACCES.

          .7/M.