On Fri, Mar 27, 2009 at 6:05 PM, Glenn Faden <Glenn.Faden at sun.com> wrote: [...]
> It is a mistake to be telling users to constantly use pfexec. It was not > designed for that purpose. We should be telling people to assume roles, via > su, or to use sudo. I'm in the process of taking the root password away from several users that shouldn't have it (application administrators). Since we are an all Solaris shop (at least on the Unix side), I had planned on using roles and judicious use of 'pfexec' to also remove our dependency on 'sudo' at the same time. Is there some reason I shouldn't do that? fpsm
