> I guess I'll have to bite the bullet and try to learn RBAC.  What are the 
> best sources of how-to info for that?

        Rewind, replay:

> I'm very interested (excited!) about the privilege model in Solaris 10,
> SO much better than the "UID 0 can do all, everyone else can do little"
> model.  We've already used this to convert some application services from
> running as root to running as a non-root user with basic plus a few other
> privileges.  I love it!  My next use was gonna be to set up each of our sys
> admins with their own separate privileged userid with a UID of other than
> 0.  That will make our sys admin work much more auditable.

        Why?  Why not use roles and Rights Profiles to do their work?
        See rbac(5) and docs.sun.com on Role Based Access Control,
        Rights Profiles, ...

        With Solaris Auditing enabled, you always know who the real user
        is.  Furthermore, when a user enters a role, the profile shells
        will audit the commands run.

Gary..
P.S. http://docs.sun.com/app/docs/doc/806-4078/6jd6cjs4o?a=view
