Garrett D'Amore wrote: > Bart Smaalders wrote: >> Garrett D'Amore wrote: >> >> > must support the various Big Rules (including auditable >> administration), >> >> I asked Gary this question, but he declined to answer: >> >> What project satisfies this big Rule today? > > Um... passwd(1M), useradd(1M), bsmconv(1M), printmgr(1M), > domainname(1M), uname(1M)? I'm not going to sit and say that we have > everything perfect, but we should be able to do better for > administrators than offer only vi(1) or emacs based administration, and > we should be working to close gaps, rather than introduce new ones. >
> Add a CLI utility to administer the file contents. Don't rely on "vi" > as the only administrative interface. For simple interfaces, we sort of manage, although we've punted on massive amounts of those as well, and I don't see the resources dedicated to addressing the problem. And how do we do this for IPF? Sendmail? Postfix? Apache? >> >> If we cannot articulate this, this isn't a rule - it's a vague wish >> that other people >> will do our work for us, and as such is _toxic_ behavior, esp. by >> sitting ARC >> members. > > I think I just articulated how to achieve it. Do you disagree? > Yes. I cannot imagine that we will replace more than a small fraction of the files in /etc w/ custom command line config tools. It's certainly a significant project for each of the more complex config files, and the payback often minimal. Is auditing something that is useful if we only do a half-assed job? Or should we look for better ways of solving the auditing problem and accept that for some config files we're just not going to write a useful command line utility to manage them... Simply stopping the addition of open source software to Solaris in order to meet auditing requirements for /etc files (which we don't meet anyway w/ the stuff we've shipped for years) seems ludicrous. - Bart -- Bart Smaalders Solaris Kernel Performance barts at cyber.eng.sun.com http://blogs.sun.com/barts "You will contribute more with mercurial than with thunderbird."
