please note:
"/etc/init.d/samba stop" ...SYSVinit command using "pkill smbd ; pkill nmbd"
so such command issued in global zone will kill all Samba's running in
non-global zones!!!
Currently this issue is solved tracking the smbd.pid, nmbd.pid and winbind pid
's by "start method" called from s
IHAC that is looking to split out zone management roles.
The zone administrator creates and manages the local zones
however that person should not be able to see the data
in the zone for security purposes. They should only be able
to manipulate the resources assigned to the zone, as well
as crea
Brian Kolaci wrote:
IHAC that is looking to split out zone management roles.
The zone administrator creates and manages the local zones
however that person should not be able to see the data
in the zone for security purposes. They should only be able
to manipulate the resources assigned to th
Jeff Victor wrote:
Brian Kolaci wrote:
IHAC that is looking to split out zone management roles.
The zone administrator creates and manages the local zones
however that person should not be able to see the data
in the zone for security purposes. They should only be able
to manipulate the res
Brian Kolaci wrote:
Jeff Victor wrote:
Brian Kolaci wrote:
IHAC that is looking to split out zone management roles.
The zone administrator creates and manages the local zones
however that person should not be able to see the data
in the zone for security purposes. They should only be able
t
This probably sacrilege, but some of these zone security issues might
be better served with Secure Solaris, if the security requirements are
this extreme (e.g . DOD). Adding complex security always add complex
overhead. On the other hand locking out the global zone to all purposes
and adminis
Jeff Victor wrote:
Brian Kolaci wrote:
Jeff Victor wrote:
Brian Kolaci wrote:
IHAC that is looking to split out zone management roles.
The zone administrator creates and manages the local zones
however that person should not be able to see the data
in the zone for security purposes. They
Its more of a separation of duties. The zone management admin is
not necessarily the same person as the application admin in a local
zone (however it could be the same person, then this particular item
would be moot). The management is bad, but thats just the way it
is and always was. Audit req
I propose that zlogin be split into two different programs, one
for console access and one for running programs and/or shell.
A simple way to do this (and would be backward compatible) would be to
create a hard link to zlogin, say 'zconsole' that when it is executed
the program can test arg0 and a
Brian,
It was basically for this reason that I wrote up a small tool called
rzlogin a while back. This particular tool was focused solely on
restricting access to zone console logins, but it did leverage some
of the ideas called out by David Comay in 4963290 - namely using
Solaris authorization
On 10/13/06, Michael Barto <[EMAIL PROTECTED]> wrote:
This probably sacrilege, but some of these zone security issues
might be better served with Secure Solaris, if the security requirements
are this extreme (e.g . DOD). Adding complex security always add
complex overhead. On the other hand l
[EMAIL PROTECTED] wrote:
I propose that zlogin be split into two different programs, one
for console access and one for running programs and/or shell.
A simple way to do this (and would be backward compatible) would be to
create a hard link to zlogin, say 'zconsole' that when it is executed
the p
I think the customer would be very interested in this tool, however
one of the gripes is that things of this nature aren't built in
and that they have to construct 'add-ons' to build a base SOE system.
Glenn Brunette wrote:
Brian,
It was basically for this reason that I wrote up a small tool c
Michael Barto wrote:
> This probably sacrilege, but some of these zone
> security issues might
> be better served with Secure Solaris, if the
> security requirements are
> this extreme (e.g . DOD). Adding complex security
> always add complex
> overhead. On the other hand locking out the glob
On Fri 13 Oct 2006 at 02:04PM, Brian Kolaci wrote:
> [EMAIL PROTECTED] wrote:
> >>I propose that zlogin be split into two different programs, one
> >>for console access and one for running programs and/or shell.
> >>A simple way to do this (and would be backward compatible) would be to
> >>create a
On 10/13/06, Jiri Sasek <[EMAIL PROTECTED]> wrote:
please note:
"/etc/init.d/samba stop" ...SYSVinit command using "pkill smbd ; pkill nmbd"
so such command issued in global zone will kill all Samba's running in non-global zones!!!
Currently this issue is solved tracking the smbd.pid, nmbd.pid
16 matches
Mail list logo