14:31:20 Hey! I'm trying to create RBAC for a role to use `vmadm`. For safety, I've created a wrapper script and a profile for this script with euid and egid set to 0 which is added to a new role with just this profile. Whenever I try to pfexec the wrapper with this role I get the error that the user is not root. Am I doing this profile wrong or how
14:31:20 can I run a vmadm command without using root?
14:32:43 Using ppriv -eD I get the following output:
14:32:43 ```
14:32:44 vmadm[27366]: missing privilege "file_dac_search" (euid = 24334, syscall = 215) needed at ufs_iaccess+0x9f
14:32:44 vmadm[27366]: missing privilege "file_dac_search" (euid = 24334, syscall = 215) needed at ufs_iaccess+0x9f
14:32:45 vmadm[27366]: missing privilege "file_dac_search" (euid = 24334, syscall = 215) needed at ufs_iaccess+0x9f
14:32:45 FATAL: cannot run because: you are not root.
14:32:46 ```
15:10:01 Guest20 maybe you should give the user something like solaris.zone.manage
15:12:28 The profile Zone Management?
15:13:27 Guest20: In /etc/security/exec_attr, do something like `exec_attr::solaris.cmd:::: privs=file_dac_search`
15:14:05 Already did the privs and I'm getting the same error weirdly (missing privilege)
15:14:06 I believe you can make the command your wrapper, and vmadm will inherit the permission when executed from within the wrapper.
15:17:13 Yes, I'm adding the wrapper as the command and using uid 0 and privs file_dac_search but I'm getting the error either way. I've also added the profile Zone Management to the role just now and got the same error
15:33:25 Guest20: Show me the rbac entries that you added for this and I'll figure out what's not working.
15:33:35 You can /msg them to me.
15:34:10 Also, I have an errand to run so I'll be away for a few hours. But I can take a look at it when I get back.
15:34:26 I've been meaning to write a proper RBAC guide for docs.smartos.org anyway.
15:36:02 Will do, thank you