Home » Oracle » 1z0-822 » Which of the following can a user using the su command execute dladm with full privileges?
Within the file /etc/security/exec_attr.d/core-os, the following line is found:
Network
Management:solaris:cmd:RO::/usr/sbin/dladm:euid=dladm;egid=netadm;privs=sys_dl_config,net_raw access,proc_audit
To assume which of the following can a user using the su command execute dladm with full privileges?
A. the net_rawacess role
B. the sys_dl_config profile
C. the Network Management role
D. a role that includes the sys_dl_config profile
E. a role that includes the Network Management profile
Correct Answer: C
Explanation/Reference:
Explanation:
Note:
* (not A, not B, not D) The privs key contains a comma-separated list of privilege numbers that will be effective when the command or action is run.
* euid and uid contain a single user name or a numeric user ID. Commands designated with euid run with the effective UID indicated, which is similar to setting the setuid bit on an executable file. Commands designated with uid run with both the real and effective UIDs. Setting uid may be more appropriate than setting the euid on privileged shell scripts.
* egid and gid contain a single group name or a numeric group ID. Commands designated with egid run with the effective GID indicated, which is similar to setting the setgid bit on a file. Commands designated with gid run with both the real and effective GIDs. Setting gid may be more appropriate than setting guid on privileged shell scripts.
* /etc/security/exec_attr is a local database that specifies the execution attributes associated with profiles.
/etc/security/exec_attr
Locally added entries. Make sure that the shipped header remains intact.
/etc/security/exec_attr.d/*
Entries added by package installation.
|
Download Printable PDF. VALID exam to help you PASS.
|
 |
Not A: net_rawaccess is a privilege
Not B: sys_dl_config is a privilege
Not C: network management is a profile
Not D: sys_dl_config is a privilege
Correct E
If you wish you can test it with :
profiles -p “Network Management”
roles Username
Cannot be C since “Network Management” is a profile and not a role.
So answer should be E:
E. a role that includes the Network Management profile