Hi,
> > Considering Solaris' rbac capabilities as well, I > > look for root to be > > extinct in the not too distant future. > > > > Roles / Profiles are a far better way to accomplish > > this. > > I strongly disagree, for two reasons: > > 1. if the system engineering has done their job correctly, no interactive > logging in of any kind, by either the root or odrinary users should take > place on the system - ever > > 2. RBAC is present only on Solaris and therefore useless in homogenous > environments; sudo would have been a much better choice, especially because > it makes system administration consistent and homogenous. > > I do not at all appreciate RBAC. > And I don't like sudo. Too strange thing. And in that case we should forget about ZFS (because it is administred in different way), dtrace (strange, it is not on AIX or HP-UX), FMA, what else? Time to forget ACLs, they are not managed in the same way around all OSes... RBAC is Solaris way, correct and clean. Not sudo hack. You can use it, nobody will stop you. But don't stop RBAC just only because you don't understand RBAC. Write sudo wrapper around RBAC, if you want. Best regards, Milan _______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org