On Mon, Aug 02, 2010 at 11:31:31AM -0700, Mike DeMarco wrote:
> > jimw::::type=normal;profiles=File System Management,ZFS File System
> > Management
> >
> > which doesn't give jimw the ability to su to root but does give
> > some, but not all, additional privs when he pfexec's commands.
>
> I know that this is only an example but I prefer using zfs allow to
> grant zfs command usage to users without having them pfexec. I wish
> zones had the same functionality built in that would allow zoneadm
> privilege for a given user.

Sure, zfs priv delegation can come in very handy.

> For root not logging who did what I always use a root.## account for
> different admins to use root. None know the real root password and
> they log in as their root.## account which is set to uid 0. This tracks
> usage as the logs now log root.__ did this.

Once someone has UID 0 they don't need to know root's password. You
should get to know OpenSolaris RBAC auditing better as I think you may
find this provides better auditing and security than your current
configuration.

-- 
Will Fiveash
Oracle
Note my new work e-mail address: [email protected]
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet text based e-mail app: http://www.mutt.org/
