Ivan Wang wrote: > <snipped> > >> In that case just throw Solaris Express over the >> wall, and re-name it >> Open Solaris. >> >> If you call RBAC cheaper and quicker, them maybe you >> have not >> implemented it before. For a home user it would be >> almost the same as >> asking them to implement a NIS+ domain for their >> laptop. >> > > I am not sure configuring is that arduous, unless the sudo configuration you > expected in "home user" case is just a way not to give out root password, and > everyone on the system can "sudo su -" > It certainly has more files with more options to configure by default. If you want to give access for one or more commands for a user, you can generally do it in one place with one tool and generally on one line. To do that with Solaris you need to create a profile in prof_attr (unless one already exists), add the command to exec_attr, and then assign the profile to the user in user_attr. The complexity then increases when you user LDAP rather then files to store these attributes. Then throw in a mix of Solaris 8, 9, & 10 servers using it. > RBAC is a very flexible and useful feature in Solaris, for example, I can set > up a profile for opening raw socket and give that profile to certain users, > they only have to pfexec their binary. NO root privilege is involved. NO role > involved even. I have done this in the past. I am well aware that RBAC can do a lot more that sudo (which is personally why I do not use it). It is just the case the works perfectly fine for a lot of people.
> NO shared role password involved of course. > Actually no password in this case. > I am not against putting sudo in indiana, since you can always build it from > source. However, the question would be how a complete GNU userland can make > users aware of they are using solaris instead of Sobuntu (pun intended ;) > At least enough to satisfy the goals of indiana. Doug _______________________________________________ indiana-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/indiana-discuss
