Bart Blanquart wrote: > On 09/30/08 14:21, James Carlson wrote: >> John Sonnenschein writes: >>> putting it in a separate package sufficient, or would an /etc/chsh.deny >>> file be the preferred method? >> Neither. I think this ought to be an authorization that can be >> granted or revoked. Something like: >> >> solaris.admin.usermgr.shell >> solaris.admin.usermgr.gecos > > I would propose a different subsection here instead of > solaris.admin.usermgr, to do with modifying your own data: the ability > to change all other (shell/gecos) fields should be separate from being > able to modify your own. > > Even or especially an admin might need to be stopped from modifying > his/her own data, so that two person rule control can be set up.
That is easily done and a very good suggestion. -- Darren J Moffat
