Juanita Heieck wrote: > Joe, > > Good Point. I'm wondering if all the existing admin procedures on the > wiki should be changed to *not* use > pfexec? Glenn, what do you think? Also, we are putting together the > Getting Started Guide now, and > pfexec instructions appear in several places in that book. I guess > those are okay to leave, in light of > what Joe just mentioned? Ultimately, the install code should be changed so that Primary Administrator is not assigned by default. If sudo were setup instead, than you could ewly on that. Meanwhile, you need to describe the system as it is. Since root is a role, the docs should explain that the users has the option to use su or pfexec.
--Glenn > > Nita > > On 03/28/09 08:58, Joseph Mocker wrote: >> Perhaps some of the confusion comes because the OpenSolaris install >> sets the initial user account to be Primary Administrator and there >> are lots of examples of administration with pfexec like "pfexec pkg >> image-update" >> >> -- joe >> >> >> On Mar 28, 2009, at 7:42 AM, Glenn Faden <Glenn.Faden at sun.com> wrote: >> >>> Fredrich Maney wrote: >>>> On Fri, Mar 27, 2009 at 6:05 PM, Glenn Faden <Glenn.Faden at sun.com> >>>> wrote: >>>> [...] >>>> >>>> >>>>> It is a mistake to be telling users to constantly use pfexec. It >>>>> was not >>>>> designed for that purpose. We should be telling people to assume >>>>> roles, via >>>>> su, or to use sudo. >>>>> >>>> >>>> I'm in the process of taking the root password away from several users >>>> that shouldn't have it (application administrators). Since we are an >>>> all Solaris shop (at least on the Unix side), I had planned on using >>>> roles and judicious use of 'pfexec' to also remove our dependency on >>>> 'sudo' at the same time. Is there some reason I shouldn't do that? >>>> >>>> fpsm >>>> >>> When you say that you are taking the root password away from users, >>> I assume you mean that you will change it and not tell them. >>> However, if you make root a role, then they can't su to root even if >>> they know the password. When roles are assigned RBAC-aware shells, >>> like pfsh, they don't need to call pfexec directly; it's done by the >>> shell. >>> >>> Having normal users invoke pfexec directly presents the risk that >>> any user application could also invoke it without the user's >>> knowledge. It could be buried in a shell script, for example. That's >>> why it is safer to use roles. >>> >>> --Glenn >>> _______________________________________________ >>> security-discuss mailing list >>> security-discuss at opensolaris.org >
