System Administration Guide: Security Services

Procedure: How to Run a Shell Script With Privileged Commands


Note –

When you create a shell script that runs commands with inherited privileges, the appropriate rights profile must contain the commands with privileges assigned to them.


  1. Start the script with /bin/pfsh, or any other profile shell, on the first line.


    #!/bin/pfsh
    # Copyright (c) 2003 by Sun Microsystems, Inc.

  2. Determine the privileges that the commands in the script need.


    % ppriv -eD script-full-path
    
  3. Open the Solaris Management Console GUI.

    For instructions, see How to Assume a Role in the Solaris Management Console. Choose a role, such as Primary Administrator, that can create a rights profile.

  4. Use the Rights tool to create or update an appropriate profile.

    Select the script, and include in the rights profile each of the commands in the shell script that need privileges to run. For each included command, add the privileges that the command requires.


    Caution –

    The order of rights profiles is important. The profile shell executes the earliest instance of a command in the list of profiles. For example, if the chgrp command is in the Object Access Management rights profile, and Object Access Management is the first profile in which the chgrp command is found, then the chgrp command executes with the privileges that are specified in the Object Access Management profile.


  5. Add the rights profile to a role and assign the role to a user.

    To execute the profile, the user assumes the role and runs the script in the role's profile shell.
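
The ordering rule in the Caution under step 4 can be checked before a profile is assigned. The following is an added example, not part of the original guide: it models the first-match rule over constructed entries that are assumed to follow the exec_attr(4) field layout (name:policy:type:res1:res2:id:attr). The "Script Runner" profile, the rotate.sh path and the privilege assignments are hypothetical sample data.

```shell
#!/bin/sh
# Constructed sample entries in exec_attr(4) layout; not taken from a real system.
EXEC_ATTR_SAMPLE='# name:policy:type:res1:res2:id:attr
Script Runner:solaris:cmd:::/usr/bin/chgrp:privs=file_chown,file_dac_write
Object Access Management:solaris:cmd:::/usr/bin/chgrp:privs=file_chown
Object Access Management:solaris:cmd:::/usr/bin/chown:privs=file_chown
Script Runner:solaris:cmd:::/opt/local/bin/rotate.sh:privs=file_dac_write'

# cmd_matches "<profiles, comma-separated, in assigned order>" <command path>
# Prints one line per profile, in order, that lists the command:
#   effective|<profile>|<attr>   first match, the entry the profile shell uses
#   shadowed|<profile>|<attr>    later matches that never take effect
# Returns 1 when no profile in the list contains the command.
cmd_matches() {
    printf '%s\n' "$EXEC_ATTR_SAMPLE" | awk -F: -v order="$1" -v c="$2" '
        /^#/ || NF < 7 { next }                 # skip comments and short lines
        $3 == "cmd" && $6 == c && !($1 in attr) { attr[$1] = $7 }
        END {
            n = split(order, prof, ",")
            for (i = 1; i <= n; i++) {
                if (!(prof[i] in attr)) continue
                tag = (found++ ? "shadowed" : "effective")
                print tag "|" prof[i] "|" attr[prof[i]]
            }
            exit (found ? 0 : 1)
        }'
}

# Demo: with Object Access Management listed first, chgrp runs with only
# the privileges from that profile; the Script Runner entry is shadowed.
cmd_matches "Object Access Management,Script Runner" /usr/bin/chgrp
```

A shadowed line for a command the script depends on means the script will not receive the privileges assigned in the later profile, so either reorder the profiles or consolidate the entry.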