Hi Darren,
Darren J Moffat wrote:
> In the brave new installer world I believe there will be the ability
> during interactive install to create (normal) users.
>
Sort of, we are planning on creating privileged accounts.

> From a security perspective this is a perfect opportunity to turn the
> root account into an RBAC role so that only that user can become root.
>
> Having the root account as a role means it can't login directly on the
> console and it can only be su'd to by authorised users.
>
> The other thing we might want to consider is giving the user that is
> created the "Primary Administrator" RBAC profile - this allows them to
> use pfexec(1) a lot like other systems use a default sudo rule to run
> any command as uid = 0. It also gives the user all Solaris
> authorisations so they can do things like restarting services as
> themselves, and setting WiFi WEP/WPA keys.
>
We were actually looking at a System Administrator RBAC profile. The original documents stated that the user account created would not be privileged, but after discussion we realized we needed to allow an administrator to be created during install time.

From what I understand the difference between the System Administrator and Primary Administrator RBAC profiles is that the System Administrator can do things like manage filesystems and installation of software, but can't set passwords, and is not equivalent to the root user. What are your thoughts about setting the user account to the Primary Administrator rather than System Administrator?

> I think however only one question about this should be asked and we
> should choose if answering this with a yes means make root a role and
> given the account "Primary Administrator" rights.
>
We haven't talked about giving root a role. We are stating though that the account created is a privileged account.
> I'd suggest for discussion the following text to guide the user if
> they wish this behaviour or not, the default should be to do this
> (better security option by default):
>
> "[X] This is the primary or only system administrator account.
>
> Tooltip/Help:
>
> This account will be able to administer the system and create other
> accounts. Selecting this option will also make the 'root' account
> a role, this means that only this user (and any future ones explicitly
> authorised) will be able to authenticate as the root user even if they
> know the password; the root account will not be able to login directly.
>
> This is the recommended configuration for a laptop or standalone
> desktop/workstation.
>
thanks,
sarah
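The configuration the thread is discussing (root as an RBAC role, one installer-created user holding the Primary Administrator profile and authorised to assume root) ends up in /etc/user_attr, so an installer or a hardening audit can verify it from that file. The script below is an added example, not code from the installer project or from either poster; it parses the user_attr(4) field layout (user:qualifier:res1:res2:attr, with attr a ';'-separated key=value list) over a constructed sample rather than a live system file.

```shell
#!/bin/sh
# Constructed sample of /etc/user_attr entries (user:qualifier:res1:res2:attr),
# standing in for the real file; attr is a ';'-separated list of key=value pairs.
SAMPLE_USER_ATTR='root::::type=role;auths=solaris.*,solaris.grant;profiles=All
sarah::::type=normal;profiles=Primary Administrator,All;roles=root
bob::::type=normal;profiles=System Administrator,All
'

# Print the value of attribute $2 for user $1, reading user_attr text on stdin.
user_attr_value() {
    awk -F: -v u="$1" -v k="$2" '
        $1 == u {
            n = split($5, kv, ";")
            for (i = 1; i <= n; i++) {
                eq = index(kv[i], "=")
                if (substr(kv[i], 1, eq - 1) == k) { print substr(kv[i], eq + 1); exit }
            }
        }'
}

# Print every user whose comma-separated list attribute $1 contains item $2.
users_with_item() {
    awk -F: -v k="$1" -v item="$2" '
        {
            n = split($5, kv, ";")
            for (i = 1; i <= n; i++) {
                eq = index(kv[i], "=")
                if (substr(kv[i], 1, eq - 1) != k) continue
                m = split(substr(kv[i], eq + 1), items, ",")
                for (j = 1; j <= m; j++) if (items[j] == item) print $1
            }
        }'
}

# Succeeds if root is a role: no direct login, only assumable via su by users listed below.
root_is_role() {
    [ "$(printf '%s' "$SAMPLE_USER_ATTR" | user_attr_value root type)" = "role" ]
}

# Users whose roles= list includes root, one per line.
root_assumers() {
    printf '%s' "$SAMPLE_USER_ATTR" | users_with_item roles root
}

# Users holding the Primary Administrator profile (pfexec of any command as uid 0).
primary_admins() {
    printf '%s' "$SAMPLE_USER_ATTR" | users_with_item profiles "Primary Administrator"
}

if root_is_role; then echo "root is a role; assumable by: $(root_assumers | tr '\n' ' ')"
else echo "WARNING: root is a normal login account"; fi
echo "Primary Administrator holders: $(primary_admins | tr '\n' ' ')"
```

Pointing the helpers at the real file instead of SAMPLE_USER_ATTR turns this into a post-install check that the chosen option actually took effect.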