Hey security people I'm fishing for feedback on something. A user can't change his or her own shell in [Open]Solaris.
What's everyone's thoughts on this approach to a solution to that: suid binary in /usr/bin: - allows users to change their own shell - via RBAC allows users with the solaris.admin.usermgr.write privilege to change anyone's shell I have some code that works here: http://cr.opensolaris.org/~error404/chsh/ I'm wondering about delivering to ON... good idea? bad idea? (I'll also need an ARC intern to help me out on this one, so if any are around, give me a shout)
