Nicolas Williams wrote: >> With sudo, you can have a single global file across 10 machines, that allows >> certain users elevated privileges on 2 out of the 10 machines, without >> changing anything locally on those 2 machines. All 10 machines can be 100% >> identical in other respects. >> >> How can you do that with RBAC? > > You can't do exactly that with RBAC. You have to visit those two > machines. > > I've wondered before about using some of the reserved RBAC format fields > to implement something like netgroup grouping.
I implemented it while waiting in an airport departure lougne one day, it was easy. However the hard disk died (before I got home) and I lost the code but it would be simple to regenerate. The harder part is updating the existing admin tools to understand this field - but the people used to sudo wouldn't care since the sudo admin tool is an editor. -- Darren J Moffat _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
