On Fri, Jun 6, 2008 at 11:37 PM, Philip Brown <[EMAIL PROTECTED]> wrote:
> Moinak Ghosh wrote:
>> On Fri, Jun 6, 2008 at 11:09 PM, Philip Brown <[EMAIL PROTECTED]> wrote:
>>>
>>> Last time I checked, RBAC was not nearly that simple, and does not lend
>>> itself to scalability of administration across multiple machines. It's a
>>> very "local-only" solution. sudo is *designed to be* a multiple-machine
>>> solution. RBAC does not appear to be so.
>>
>> That I'd say is a misconception. RBAC is also designed for multiple
>> machines. The various configs can be stored in the nameservice database
>> and entries in /etc/nsswitch.conf specify the search order. Somewhat
>> more flexible and integrated than using rsync (and of course scalability
>> of administration is preserved).
>
> With sudo, you can have a single global file across 10 machines, that allows
> certain users elevated privileges on 2 out of the 10 machines, without
> changing anything locally on those 2 machines. All 10 machines can be 100%
> identical in other respects.
>
> How can you do that with RBAC?

This is a sudo feature that may not map to or even be implemented in RBAC.
As a workaround the nsswitch config does allow local configuration to override
that derived from the nameservice so those 2 hosts can have specific local
configs. However my point was RBAC is not a local-only solution. You can
centrally administer and distribute it.

Regards,
Moinak.

_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
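
Added example, not part of the original thread: a small audit helper that evaluates one shared sudoers file against every host in a fleet, showing how the host field scopes a grant to 2 of 10 otherwise identical machines. The sudoers fragment, user names, host names and function names are constructed for illustration, and the parser handles only a simplified subset of sudoers syntax (single-token user and host fields, no negation, no includes).

```python
import re

# Constructed sudoers fragment: the same file is shipped unchanged to all hosts.
SUDOERS = """\
Host_Alias  DB_HOSTS = host03, host07
User_Alias  DBADMINS = alice, bob
DBADMINS    DB_HOSTS = (root) /usr/sbin/svcadm
carol       ALL = (root) /usr/bin/less /var/adm/messages
"""

# Constructed fleet of ten hosts: host01 .. host10.
FLEET = [f"host{n:02d}" for n in range(1, 11)]


def parse(text):
    """Parse a simplified sudoers subset: Host_Alias, User_Alias, one-line user specs."""
    aliases = {"Host_Alias": {}, "User_Alias": {}}
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(Host_Alias|User_Alias)\s+(\w+)\s*=\s*(.+)", line)
        if m:
            kind, name, members = m.groups()
            aliases[kind][name] = {x.strip() for x in members.split(",")}
            continue
        m = re.match(r"(\S+)\s+(\S+)\s*=\s*(.+)", line)
        if m:
            rules.append(m.groups())  # (who, where, command spec)
    return aliases, rules


def grants(text, user, host):
    """Command specs the shared file grants `user` when evaluated on `host`."""
    aliases, rules = parse(text)
    matched = []
    for who, where, cmds in rules:
        # An alias name expands to its members; anything else is a literal.
        users = aliases["User_Alias"].get(who, {who})
        hosts = aliases["Host_Alias"].get(where, {where})
        if (user in users or "ALL" in users) and (host in hosts or "ALL" in hosts):
            matched.append(cmds)
    return matched


def hosts_granting(text, user, fleet):
    """Hosts in `fleet` where `user` holds at least one grant."""
    return [h for h in fleet if grants(text, user, h)]


if __name__ == "__main__":
    for u in ("alice", "carol", "dave"):
        print(u, hosts_granting(SUDOERS, u, FLEET))
```

Running the same check over every account in a shared file gives a per-host view of who holds elevated rights, which is the review a single global policy file otherwise makes easy to skip.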
