Hi folks,
thank you very much for providing useful comments
during process of reviewing SC SMF design spec.
I have incorporated all suggestions and updated the
design document accordingly [1].
Old version is available for reference [2].
Please feel free to take a look and speak up in case
I missed any comments or misunderstood anything.
Jan
Summary of changes:
* user account
- configuring multiple user accounts added as a potential enhancement
(10.2.1)
- captured possibility to manipulate shadow(4) by means of standard API
once fix for 1265957 is delivered (9.1, 10.1)
- clarifying that it will be possible not to create user account at
all (5.1)
- home directory ZFS dataset and mountpoint configurable (5.1) -
automatically generated in default scenario (10.3)
* root account
- added 'expire' property (5.2)
- not expired in default scenario (10.3)
* corrected SMF manifest path taking into account EMI changes (12)
* changed service dependency from svc:/system/filesystem/minimal
to svc:/system/filesystem/root (13)
* security
- property groups protected by read_authorization (11.1)
- removed 'Primary Administrator' profile from default SC manifest
(10.3, 13.2)
- potential changes to user/role/group/add/mod/del coming from
PSARC/2009/652
mentioned in the document (9.2)
- enhanced scope of 'expire' property - if set to '0', 'passwd -f'
will be
called to force the user to change password at the next login by
expiring
the password (5)
References:
[1]
http://hub.opensolaris.org/bin/download/Project+caiman/System+Configuration+Project/scsmfdesignv0.1.pdf
[2]
http://hub.opensolaris.org/bin/download/Project+caiman/System+Configuration+Project/scsmfdesignv0.1%2Dold.pdf
