> Peter Tribble wrote: > > On 2/16/07, Sarah Jelinek <Sarah.Jelinek at sun.com> > wrote: > >> Narendra Kumar S.S wrote: > >> > In section "8. Users", it shows that other than > root user, other users > >> > are also there. > >> > So, are we going to have 'new user creation' > during install? > >> Yes, we are adding this capability. > >> > If so, is there any limit on the number of users > that can be created > >> > during install? > >> > > >> Only 1 new user account can be created in Dwarf. > > > > Is this going to be a raw (unprivileged) user > account? > Yes, this is intended to be a unprivileged user > account. > > > > In other words, has the idea that the first user > (maybe optionally) > > gain a set of enhanced privileges to avoid the need > to su to root > > for common operations been considered? (I'm > thinking along the > > lines of the first account on MacOS X being an > admin account.) > > > This is a good idea. We haven't gone much farther in > our thinking with > this feature other than to be able to provide the > ability to setup a > basic, local user account. But, this is an idea we > should consider for > future Caiman projects.
I think that if possible root should be made an RBAC role during installation and a new user created who is allowed to assume the root role. This is roughly what Ubuntu does with sudo. This has a number of advantages: 1. No root login (only via 'su'). 2. Role assumption is explicit and can be tracked via audit. -Mark > > thanks, > sarah > > _______________________________________________ > caiman-discuss mailing list > caiman-discuss at opensolaris.org > http://opensolaris.org/mailman/listinfo/caiman-discuss > This message posted from opensolaris.org
