Joerg Schilling wrote:
> John Plocher <John.Plocher at sun.com> wrote:
>
>> Just as someone invented sheaths for knives, because people
>> don't always need to walk around armed to the teeth, the
>> "sudo world" doesn't require everyone to walk around with
>> a loaded "rm *" command :-)
>>
>> This proposal, if applied to my home system, would seem to
>> effectively make logging in as "plocher" be the same as
>> logging in as "root" - and is something I'm not sure I want.
>>
>> What I do want is to be able, as "plocher", to say "I want
>> to explicitly do `foo` now, but not necessarily at any other
>> time without additional future confirmation being required".
>
> I believe that the change needs to be well tested for a while to make sure
> that it does not miss hard to find problems.

What change?

> If you e.g. (after the change) are expected to call "pfexec rm -rf /*", then
> I see the problem that people who use a pf* shell would always work with
> user user privileges.
> If there is a need to first acquire a role, things look different.

I don't see how any of the above is relevant to what *this* case is proposing.

This case says NOTHING about pfexec or profile shells.

This case is about a change to /sbin/sulogin so that instead of always requiring the root password it will ask for a username/passwd and that the user has to have the solaris.system.maintenance authorisation. /sbin/sulogin will still start a uid=0 privs=all shell.

> BTW: It was a good practice 20+ years ago already to disallow root logins
> except for /dev/console. This changed after ssh came up. It may be a good
> idea

Not on Solaris it didn't; we have ALWAYS shipped our sshd configuration such that root can not login remotely by default. This is different to the OpenSSH default.

> to implement something similar now (allowing root logins on /dev/console on
> specific conditions) to make sure that there is no need to fetch an alternate
> boot medium in order to fix certain problems.

I don't see how that is relevant to this case. This case does NOT make root a role by default. This case does NOT stop root from authenticating on /dev/console either during sulogin or /bin/login.

--
Darren J Moffat
