Trusted Solaris Operating System - Technical FAQs

Question

In Trusted Solaris 2.5.1 and 7, why do I see warnings about commands outside of the trusted path? We are trying to install some software and keep getting this message:

WARNING: Command operating outside of the Trusted Path!

Answer

This message appears because of a change made in Trusted Solaris 2.5.1 and Trusted Solaris 7 to make it easier for a role to do its work.

The default configuration now includes the All Commands profile for each role. This allows the role to run commands that are useful but that are not explicitly listed in any of its profiles.

When a command is not explicitly listed, the profile shell turns off the trusted path attribute, and the shell prints the warning that the command is running "outside of the Trusted Path." You can see this message when running certain installation programs that are provided by an application.

When applications, such as some GUIs, try to start a window in an administrative role's workspace, they fail without the trusted path attribute.

Relatedly, shell scripts that are written to use the profile shell can fail when run by a role, because a profile shell needs the trusted path attribute when it is started by a role.

If the trusted path attribute is needed for a program to succeed, you need to add the command to a profile, even if the command does not need privileges or other extended security attributes.

If the programs are succeeding but you want to suppress the message, you can set the "Q" switch. Either enter "set -Q" on the command line or put "set -Q" in the role's .profile (the root role's .profile is /.profile).

Applies to Trusted Solaris Release

2.5.1, 7