Configd RBAC- now can't get to root
My story is sad (but stupid). I am trying to harden
a Sun-Fire V240 in prep for a security accreditation
next week. I just finished writing the script I planned to run on the other boxes. The government security manual wants me to use RBAC; its been a long time since I studiedRBAC. But I followed the guidance in the book. So i changed my user_attr from:
root::::type=normal;auths=solaris.*,solaris.grant;profiles=All
to
root::::type=role;auths=solaris.*,solaris.grant;profiles=All
There are no other entries in user_attr.
I booted.
I logged in as the normal sysadmin account (ingest) and tried to su and it does not work. I get " Roles
can only be assumed by authorized users".
I can't su, or boot to Single User Mode. I did copy
the user_attr to user_attr.orig before I changed it but it is owned by root so that's no help.
I'm afraid that I am looking at a reload. And of course, the script is in a 400 perm directory.
Does anybody have any ideas how I can either
copy the original user_attr or add the ingest user
without having access to root or su.
