Bug #204

pfexec doesn't seem to work

Added by Chris Ridd about 5 years ago. Updated almost 5 years ago.

Status:ClosedStart date:2010-09-15
Priority:HighDue date:
Assignee:Alasdair Lumsden% Done:


Category:Caiman (Installer)
Target version:-
Difficulty: Tags:


On OpenSolaris (snv_134):

id -a
uid=1002(cjr) gid=1002(cjr) groups=1002(cjr) [...]
pfexec id -a
uid=0(root) gid=0(root) groups=1002(cjr) [...]

On oi_147, on a completely fresh install:

id -a
uid=101(cjr) gid=10(staff) groups=10(staff)
pfexec id -a
uid=101(cjr) gid=10(staff) groups=10(staff)

I note the entry for "cjr" in oi_147's /etc/user_attr is different from snv_134:

cjr=::::profiles=Primary Administrator;roles=root


A consequence of this is that I cannot update any packages or apparently do anything privileged.

Related issues

Related to OpenIndiana Distribution - Bug #201: TimeSlider must not need "Root" Password Rejected 2010-09-15
Related to OpenIndiana Distribution - Bug #636: Fix graphical installer to prevent root password expiring Closed 2011-01-16


#1 Updated by Chris Ridd about 5 years ago

su'ing to root (which forced me to change root's password) allowed me to update cjr's entry in /etc/user_attr, and pfexec now works for "cjr".

#2 Updated by none none about 5 years ago

The /etc/user_attr for user 'jack' in the LiveCD doesn't have this problem. Confirmed issue exists on a installed system.

caiman/slim_source/usr/src/lib/libict_pymod/ict.py seems to be used by the installer to manipulate user_attr and needs further investigation.

#3 Updated by Jeppe Toustrup about 5 years ago

It can be changed with a simple usermod -P "Primary Administrator" <username>, when you have gained root permissions on the system.

#4 Updated by Rich Lowe about 5 years ago

This is not a bug. This is the result of caiman changeset:

changeset:   861:ccd399d2c6f7
user:        David Miner <dminer@opensolaris.org>
date:        Tue Aug 17 18:22:44 2010 -0400
    6973927 Installation fails if Primary Administrator rights profile is removed from the system
    4885 User created by installer gets unsafe profile "Primary Administrator" 
    9966 install unnecessarily propagates /lost+found from image to rpool
    15454 pkg install failure in im_pop did not abort DC and AI
    15507 SUNWcs and SUNWcsd can be removed from manifests
    16295 install-finish runs update_boot_archive ICT twice for text and GUI installs
    16645 Incorrect permissions on ict.py in build 144 can cause ict's to fail to run
    16740 Special handling of SUNWcs and SUNWcsd can be removed from transfer module

Specifically 4885

You should have sudo access instead, by default.

The 'root has my password, then prompts me to change it' thing is also, I think, a post-b134 feature.

#5 Updated by Albert Lee about 5 years ago

  • Assignee set to Alasdair Lumsden
  • Target version set to oi_148

We need to do something about this. Need to check if pfexec's consumers are fixed in snv_148. If not, the solution of least impact may be to restore the Primary Administrator profile for now.

#6 Updated by Albert Lee about 5 years ago

packagemanager(1) and time-slider-setup(1) fall back to su. Not expiring the root password by default would be a reasonably safe workaround we can apply for, as root remains a role only accessible by the default user. This would make su an audit-enabled alternative to the default sudo configuration in most respects, except for password changes later on.

#7 Updated by Albert Lee almost 5 years ago

  • Priority changed from High to Normal
  • Target version deleted (oi_148)

Interim solution for oi_148 is to set the root password in the installer. Keeping this bug open, but reducing priority.

#8 Updated by Rob Clark almost 5 years ago

Albert Lee wrote:

Interim solution for oi_148 is to set the root password in the installer. Keeping this bug open, but reducing priority.

I tried to run GParted AFTER installation but it requires root privileges. If I right-click the Clock and "Adjust Date & Time" then I am asked for the root password but Gparted simply fails.

I rebooted and used the Installer Disk but the version of GParted included does NOT support Solaris Partitions (or Linux-Swap), unless we want to format for NTFS it is of no use.

The FAQ does say to goto a Terminal and type "su -"; then you can enter a password to set the root's NEW password.

I did that but when I open [System][Administration][Core Files] (and try to set "Addict") it refuses my password --- so there does need some work done with the root passwording authentication system.

BTW: We ought to change Jack's password from the old OS's name to our new name. ;)

Thanks, and hello everyone,

#9 Updated by Albert Lee almost 5 years ago

  • Priority changed from Normal to High

For some reason, the 148 live media installer is missing gber's changes to prompt for the root password separately (and not set it as expired).

#10 Updated by Matt Wilby almost 5 years ago

  • Status changed from New to Closed

Duplicate. New bug #636 created to cover all instances (#204, #579, #619) .

Also available in: Atom