On 7/9/05, Sunil <[EMAIL PROTECTED]> wrote: > That thing scared me a bit and I have deleted the role since. I think even if > rbac meets password less login, it is insecure in the sense that anyone who > cracks devsk login, can become root. I want this role for local console > logged user only and only from local logon sessions. I think this will take > some effort to achieve. > > $ /usr/bin/profiles -l > > Web Console Management: > /usr/lib/webconsole/smcwebstart uid=noaccess, gid=noaccess, > privs=proc_audit > All: > *
I would say you've found a bug then. Since the roles manpage claims you must have the role assigned to a user for them to assume it. I wonder if this is a special exception, if you create a role with a password, and then try to assume it without assigning that role to the user you're sui'ng as, does it still let you assume the role? -- Shawn Walker, Software and Systems Analyst [EMAIL PROTECTED] - http://binarycrusader.blogspot.com/ _______________________________________________ opensolaris-discuss mailing list [email protected]
