I suppose one could argue that having it work either like other remote
access commands (rsh, ssh, rlogin, telnet, etc) or like the other zone* commands
might make it more intuitive.
But do you really want to make a command that "only a superuser operating
in the global zone can use" so intuitive they don't need to read the man page?
If the superuser in the global zone doesn't know what they're doing, bad things
are going to happen anyway, why help them evade their own ignorance where
it's a mere inconvenience only to encounter it far worse later on?
And if you're going to go there, why not allow user at zonename in addition to
allowing -l user zonename? (That might actually be good insofar as it rewarded
use of ssh syntax; after all, people ought to be using ssh instead of rlogin or
telnet whenever possible.) Why not allow -l user _after_ zonename (like
some versions of rlogin allow or even require)? Once you start down the
road of allowing multiple syntaxes for convenience, where do you stop?
Heck, why not make up zone://user at zonename/ URLs? (actually, I suppose
one could write a mozilla helper that would run the appropriate zlogin
in an xterm if it encountered that, but what idiot would be running their
browser as root?)
Maybe it's just me, but it sure seems like a slippery slope.
This message posted from opensolaris.org