Bart Smaalders wrote: > If you want auditing and RBAC, figure out a way to do so that doesn't > place so heavy a tax on every project that wants to deliver on Solaris. > Rewriting or adding commands to every project is not acceptable - > and is pointless so long as we don't even fund command line interfaces > for all the config files Sun has introduced over the years.
Re auditing: what are the requirements? Would a trap on writes to config files labeled as subject to audit gather enough information, or is finer grain required? Re RBAC: could ACLs be manipulated to enforce such access control? - Jeremy
