6222297 lpsched and lpshut should be corrected/removed from exec_attr

6454630 print subsystem enable and disable commands not RBAC capable
6538881 lpadmin cannot create queue even with Print Management profile
6539897 uri interface script should handle common device-uri forms

2 files changed, 5 insertions, 16 deletions

diff --git a/usr/src/lib/libsecdb/exec_attr.txt b/usr/src/lib/libsecdb/exec_attr.txt
index 22a27c8bfc..5b5959db60 100644
--- a/usr/src/lib/libsecdb/exec_attr.txt
+++ b/usr/src/lib/libsecdb/exec_attr.txt
@@ -1,7 +1,4 @@
 #
-# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
-# Use is subject to license terms.
-#
 # CDDL HEADER START
 #
 # The contents of this file are subject to the terms of the
@@ -21,6 +18,9 @@
 #
 # CDDL HEADER END
 #
+# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
 # /etc/security/exec_attr
 #
 # execution attributes for profiles. see exec_attr(4)
@@ -224,22 +224,11 @@ Object Access Management:suser:cmd:::/usr/bin/chmod:euid=0
 Object Access Management:suser:cmd:::/usr/bin/chown:euid=0
 Object Access Management:suser:cmd:::/usr/bin/getfacl:euid=0
 Object Access Management:suser:cmd:::/usr/bin/setfacl:euid=0
-Printer Management:suser:cmd:::/usr/bin/cancel:euid=lp;uid=lp
-Printer Management:suser:cmd:::/usr/bin/lpset:egid=14
-Printer Management:suser:cmd:::/usr/bin/lpstat:euid=0
-Printer Management:suser:cmd:::/usr/lib/lp/local/accept:uid=lp
-Printer Management:suser:cmd:::/usr/lib/lp/local/lpadmin:uid=lp;gid=8 
-Printer Management:suser:cmd:::/usr/lib/lp/lpsched:uid=0
-Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp;uid=lp
-Printer Management:suser:cmd:::/usr/sbin/lpadmin:egid=14;uid=lp;gid=8 
+Printer Management:suser:cmd:::/usr/lib/lp/local/lpadmin:uid=lp;gid=lp 
 Printer Management:suser:cmd:::/usr/sbin/lpfilter:euid=lp;uid=lp
 Printer Management:suser:cmd:::/usr/sbin/lpforms:euid=lp
-Printer Management:suser:cmd:::/usr/sbin/lpmove:euid=lp
-Printer Management:suser:cmd:::/usr/sbin/lpshut:euid=lp
 Printer Management:suser:cmd:::/usr/sbin/lpusers:euid=lp
 Printer Management:suser:cmd:::/usr/sbin/ppdmgr:euid=0
-Printer Management:suser:cmd:::/usr/ucb/lpq:euid=0
-Printer Management:suser:cmd:::/usr/ucb/lprm:euid=0
 Process Management:solaris:cmd:::/usr/bin/kill:privs=proc_owner
 Process Management:solaris:cmd:::/usr/bin/nice:privs=proc_owner,proc_priocntl
 Process Management:solaris:cmd:::/usr/bin/pcred:privs=proc_owner
diff --git a/usr/src/lib/libsecdb/prof_attr.txt b/usr/src/lib/libsecdb/prof_attr.txt
index be1c99f66f..fc9e312077 100644
--- a/usr/src/lib/libsecdb/prof_attr.txt
+++ b/usr/src/lib/libsecdb/prof_attr.txt
@@ -36,7 +36,7 @@ Audit Control:::Configure BSM auditing:auths=solaris.audit.config,solaris.jobs.a
 Audit Review:::Review BSM auditing logs:auths=solaris.audit.read;help=RtAuditReview.html
 Contract Observer:::Reliably observe any/all contract events:help=RtContractObserver.html
 Device Management:::Control Access to Removable Media:auths=solaris.device.*;help=RtDeviceMngmnt.html
-Printer Management:::Manage printers, daemons, spooling:help=RtPrntAdmin.html
+Printer Management:::Manage printers, daemons, spooling:auths=solaris.print.admin:help=RtPrntAdmin.html
 Cron Management:::Manage at and cron jobs:auths=solaris.jobs.*,solaris.smf.manage.cron;help=RtCronMngmnt.html
 Log Management:::Manage log files:help=RtLogMngmnt.html
 Basic Solaris User:::Automatically assigned rights:auths=solaris.profmgr.read,solaris.jobs.user,solaris.mail.mailq,solaris.device.mount.removable;profiles=All;help=RtDefault.html