On Fri, Jun 6, 2008 at 11:09 PM, Philip Brown <[EMAIL PROTECTED]> wrote: > Glenn Lagasse wrote: >> * Philip Brown ([EMAIL PROTECTED]) wrote: >>> >>> Most people dont give a damn about "finer grained control". they just want >>> to get done, what needs to get done, in the simplest way possible. >>> sudo is the best fit for it. >>> >>> "alias sudo=pfexec", does not meet that want, as well as regular sudo >>> does. >> >> And how exactly does it not meet that want? > > Starting with a fresh, untouched solaris install, that has just had "sudo" > dropped on it: lets say I want to give someone sudo access. > > I edit ONE file, and add ONE line. > done. > Also, you can rdist/rsync out a 'global' sudoers file. > Simple, yet very flexible. > > Last time I checked, RBAC was not nearly that simple, and does not lend > itself to scalability of administration across multiple machines. It's a > very "local-only" solution. sudo is *designed to be* a multiple-machine > solution. RBAC does not appear to be so.
That I'd say is a misconception. RBAC is also designed for multiple machines. The various configs can be stored in the nameservice database and entries in /etc/nsswitch.conf specifies the search order. Somewhat more flexible and integrated than using rsync (and of course scalability of administration is preserved). Regards, Moinak. > > _______________________________________________ > pkg-discuss mailing list > [email protected] > http://mail.opensolaris.org/mailman/listinfo/pkg-discuss > _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
