On 03/ 2/10 05:54 PM, Dave Miner wrote: > On 03/ 2/10 12:38 PM, Matt Keenan wrote: >> On 03/ 2/10 05:01 PM, Dave Miner wrote: >>> On 03/ 2/10 11:51 AM, Keith Mitchell wrote: >>>> Hi Matt, >>>> >>>> Since the liveCD is intended to mimic the installed environment, would >>>> it not make sense to remove the Primary Administrator role from the >>>> 'jack' user delivered by SUNWslim-utils (instead of changing line 514; >>>> line 558 would still need to change)? That way the default login >>>> functions identically to what the user will have after the >>>> installation. >>>> >>>> Also, I think a significant amount of documentation (in install, pkg, >>>> and elsewhere) exists that calls for running "pfexec<cmd>". I think >>>> this change renders that documentation invalid, are there bugs filed to >>>> update these docs appropriately? Error messages as well sometimes >>>> recommend running the command again with pfexec, and would need to be >>>> updated, unless I misunderstand the implications of this change. >>>> >>> >>> I'd suggest we defer this particular change, as the switch to sudo was >>> (somewhat to my surprise, though we'd been talking about it for way over >>> a year) included in PSARC 2010/067 which is under discussion right now. >> >> No problem. >> >> Based on this proposal, will we (slim_install) be required to implement >> addition of initial user to /etc/sudoers, as well as removal of Primary >> Administrator profile ? >> >> If so I can at least prepare a webrev that does this, and if/when this >> ARC case >> gets approved we will be ready to roll with the change. >> > > I'd recommend waiting, as there are multiple potential options depending > on how the security team states their plans to deal with RBAC/sudo > integration.
Wait I can do... :-) thanks Dave. Matt > > Dave > >> cheers >> >> Matt >> >>> Dave >>> >>>> - Keith >>>> >>>> On 03/ 2/10 05:24 AM, Matt Keenan wrote: >>>>> Code review please for following bug : >>>>> 4885 - User created by installer gets unsafe profile "Primary >>>>> Administrator" >>>>> http://defect.opensolaris.org/bz/show_bug.cgi?id=4885 >>>>> >>>>> Webrev: >>>>> http://cr.opensolaris.org/~mattman/bug-4885/ >>>>> >>>>> Code change is relatively trivial simply amending ict.c to sed out >>>>> "profile=Primary Administrator," from /etc/user_attr for initial user. >>>>> >>>>> This is being implemented as a request during review of ARC case : >>>>> PSARC/2007/284 >>>>> >>>>> cheers >>>>> >>>>> Matt >>>>> _______________________________________________ >>>>> caiman-discuss mailing list >>>>> caiman-discuss at opensolaris.org >>>>> http://mail.opensolaris.org/mailman/listinfo/caiman-discuss >>>> _______________________________________________ >>>> caiman-discuss mailing list >>>> caiman-discuss at opensolaris.org >>>> http://mail.opensolaris.org/mailman/listinfo/caiman-discuss >>> >> >
