On Tue 13 May 2008 at 03:00PM, Gary Winiger wrote:
> This project enables a policy where "root" can never be used directly by
> administrators as an account providing full system access.
> In a Major release this policy may be made the default.

How will sysidtool work in the face of this?  Today, it asks for a root
password for the system and basically provisions root as a non-role
account.  While sysidtool is not terribly important for the global zone
for OpenSolaris 2008.05, it is critically important for zone first-boot,
when the system is effectively blank.  It seems to me that in order
to make this a default behavior, sysidtool would need to be aware of this
policy and provision accordingly.

If that isn't what is meant by default-- then, please further clarify the
meaning.  Perhaps I'm just confused-- if so, please help me to not be.

Would changes to sys-unconfig also be required?  Would it be sensible
to strip privileges and/or passwords from highly privileged users on
an unconfig in the same way that we currently strip out the root password?

To be clear: I'm agnostic about the goodness of this idea; I'm concerned
that the definition of "default" is not clear, and that the zones case
has not been fully explored here.  In a sense, a zone is the "most pure"
version of this problem, since it doesn't get much provisioned by an
installer, really--  it just gets laid out on the system, and lets
sysidtool do the rest.

        -dp

-- 
Daniel Price - Solaris Kernel Engineering - dp at eng.sun.com - blogs.sun.com/dp
