On Jul 30, 2010, at 12:26 PM, Will Fiveash wrote: > I'm in total agreement from a security aspect (recall that OpenSolaris's > roots are in the enterprise server world and not wide open desktop > land). I would ask you why root shouldn't be a role? Hopefully the > answer won't involve convenience.
It can be awkward if you're using LDAP or NIS and the server is down or the client is incorrectly set up. This *can* be worked around by making sure every machine has a valid local user with access to the root role -- sort of. pfexec becomes extremely slow if you have incorrectly configured LDAP -- as in several minutes of waiting to run a single command. I suspect it tries to look up userIDs via LDAP first and has a long timeout. Best to su to root in that situation. -- David Brodbeck System Administrator, Linguistics University of Washington _______________________________________________ opensolaris-discuss mailing list [email protected]
