Fredrich Maney wrote:
> On Fri, Mar 27, 2009 at 6:05 PM, Glenn Faden <Glenn.Faden at sun.com> wrote:
> [...]
>
>> It is a mistake to be telling users to constantly use pfexec. It was not
>> designed for that purpose. We should be telling people to assume roles, via
>> su, or to use sudo.
>>
>
> I'm in the process of taking the root password away from several users
> that shouldn't have it (application administrators). Since we are an
> all Solaris shop (at least on the Unix side), I had planned on using
> roles and judicious use of 'pfexec' to also remove our dependency on
> 'sudo' at the same time. Is there some reason I shouldn't do that?
>
> fpsm
>

When you say that you are taking the root password away from users, I assume you mean that you will change it and not tell them. However, if you make root a role, then they can't su to root even if they know the password. When roles are assigned RBAC-aware shells, like pfsh, they don't need to call pfexec directly; it's done by the shell.

Having normal users invoke pfexec directly presents the risk that any user application could also invoke it without the user's knowledge. It could be buried in a shell script, for example. That's why it is safer to use roles.

--Glenn
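
The reply above warns that a pfexec call can be buried in a shell script. The following audit sketch is an added example, not part of the original thread: it lists non-comment lines in `#!` scripts that use pfexec as a command word. The function names, the sample file names and their contents are constructed for illustration, and the match is a heuristic (it does not parse quoting or here-documents).

```shell
#!/bin/sh
# Added example (not from the thread): heuristic audit for direct pfexec calls.

# Print "file:line:text" for every non-comment line in a #! script under DIR
# that uses pfexec as a command word (bare or with a path such as /usr/bin/pfexec).
find_pfexec_calls() {
    find "$1" -type f -print | while IFS= read -r f; do
        # Only inspect files that start with an interpreter line.
        head -n 1 "$f" 2>/dev/null | grep -q '^#!' || continue
        awk -v file="$f" '
            /^[ \t]*#/ { next }              # whole-line comment (and the #! line)
            {
                code = $0
                sub(/[ \t]#.*$/, "", code)   # drop a trailing comment (approximation)
                if (code ~ /(^|[^A-Za-z0-9_.-])pfexec([ \t]|$)/)
                    printf "%s:%d:%s\n", file, NR, $0
            }' "$f"
    done
}

# Constructed sample tree: two scripts that call pfexec, one that only
# mentions it in comments, and one file that is not a script.
make_sample() {
    mkdir -p "$1/bin"
    printf '%s\n' '#!/bin/sh' 'echo "rotating logs"' \
        'pfexec /usr/sbin/logadm' > "$1/bin/rotate.sh"
    printf '%s\n' '#!/bin/ksh' 'if true; then' \
        '  /usr/bin/pfexec svcadm restart example-svc  # buried call' \
        'fi' > "$1/bin/restart.ksh"
    printf '%s\n' '#!/bin/sh' '# do not use pfexec here' \
        'ls /tmp  # pfexec not needed' > "$1/bin/clean.sh"
    printf '%s\n' 'pfexec is described in the notes' > "$1/notes.txt"
}

# Build the sample, scan it, and show paths relative to the sample root.
demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d"
    find_pfexec_calls "$d" | sed "s|^$d/||"
    rm -rf "$d"
}

demo
```

On the constructed tree this reports line 3 of `bin/rotate.sh` and line 3 of `bin/restart.ksh`, and nothing for the comment-only script or the text file.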