On Fri, Jun 06, 2008 at 11:07:57AM -0700, Philip Brown wrote:
> Moinak Ghosh wrote:
> > On Fri, Jun 6, 2008 at 11:09 PM, Philip Brown <[EMAIL PROTECTED]> wrote:
> >>
> >> Last time I checked, RBAC was not nearly that simple, and does not lend
> >> itself to scalability of administration across multiple machines. It's a
> >> very "local-only" solution. sudo is *designed to be* a multiple-machine
> >> solution. RBAC does not appear to be so.
> >
> > That I'd say is a misconception. RBAC is also designed for multiple
> > machines. The various configs can be stored in the nameservice database
> > and entries in /etc/nsswitch.conf specify the search order. Somewhat
> > more flexible and integrated than using rsync (and of course scalability
> > of administration is preserved).
>
> With sudo, you can have a single global file across 10 machines, that allows
> certain users elevated privileges on 2 out of the 10 machines, without
> changing anything locally on those 2 machines. All 10 machines can be 100%
> identical in other respects.
>
> How can you do that with RBAC?

You can't do exactly that with RBAC. You have to visit those two machines. I've wondered before about using some of the reserved RBAC format fields to implement something like netgroup grouping.
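
Added example, not part of the thread: a sudoers fragment for the arrangement described above, in which one file is distributed unchanged to all ten machines and grants elevated privileges on only two of them. The host names, user names and the choice of command are constructed placeholders.

```sudoers
# Constructed example: one sudoers file, identical on all ten machines.
# Host names, user names and the command are placeholders.

# The two machines where the elevated privileges apply.
Host_Alias  PRIV_HOSTS = app03, app07

# The users who receive them.
User_Alias  APP_ADMINS = alice, bob

# What they may run there: a single command rather than ALL.
Cmnd_Alias  SVC_CMDS = /usr/sbin/svcadm

# Rule format: user-list  host-list = (run-as user) command-list
# sudo compares the host list with the local machine's own host name each
# time it runs, so this rule grants nothing on the other eight machines
# even though they carry the same file.
APP_ADMINS  PRIV_HOSTS = (root) SVC_CMDS
```

`visudo -c -f <file>` checks the syntax before the file is distributed. Because the host match is made against the name each machine reports for itself, the scoping is only as trustworthy as the host names and the integrity of the distributed file.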
