Hello Joel, > I don't think we should port that to Solaris as is. There we have a > continuum of setups between 'basic user' and 'root'. > > Maybe on Solaris we should only have a choice whether to run or pfexec > such an app? Or simply another menu item that pfexec's it? It gets more > complicated when you try to support roles (including, possibly, root). > Because then you not only need 'an' administrative password, but also a > way to specify the role to which it applies. Maybe we can at least > enumerate all available roles instead of requiring manual input.
Can you give a little more background on what you are speaking about here? I assume you aren't speaking about Trusted Solaris details, are you (though, that's perhaps relevant too). I'm poking at bit at "man profiles(1)", but it assume I have knowledge that I don't have. What's the right entrypoint for this wad of knowledge? david
