> I'm in total agreement from a security aspect (recall
> that OpenSolaris's
> roots are in the enterprise server world and not
> wide open desktop
> land). I would ask you why root shouldn't be a role?
> Hopefully the
> nswer won't involve convenience.
In making root a role you now rely on a user account to be available at all
times. You can not login as the role and if the user account gets misconfigured
in some way you can not login at all. User accounts are fluid they grow and get
configured in different way each time you risk having the user account blow up
and not be able to get back into the host to fix it other than with the LiveCD.
Which means you always have to keep the LiveCD handy. Since root should be a
limited use account you can and should give it a very cryptic password and keep
its environment static. This ensures a level of sanity to the account and with
it being static it will be left in a safe,secure and reliable state.
--
This message posted from opensolaris.org
_______________________________________________
opensolaris-discuss mailing list
[email protected]
