Jack, a couple of comments on the RBAC-related portion here:
usr/src/cmd/rbac/prof_attr.system%2Finstall%2Fauto-install
usr/src/cmd/rbac/user_attr.system%2Finstall%2Fauto-install
1. Is it necessary for some reason to define aiuser as a role for root?
2. Won't it work to just place the auths that are in the profile you've
created directly on the aiuser user? If so, we can dispense with the
separate role.
3. I'm wondering if using the Stop profile is a good idea here. It
would seem to inhibit automatic inheritance of default
authorizations/profiles from a standard user environment, meaning we'd
have to be more aware of changes elsewhere in the system and have to
fiddle with this more often. Conceptually, I believe aiuser is
essentially a normal user with some elevated read privileges, which is
what you've defined with the auths (I'm wondering if there are more we
need there, actually, but don't have specific suggestions).
Dave
_______________________________________________
caiman-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/caiman-discuss
