Thanks Bob. Of course Solaris itself is a very good multi-user and safe OS. But as you've pointed out, there are situations where the requirements are different. I guess that this is partly a question for Trusted Solaris Extensions, which btw were announced for spring 06 if I'm right. And user management which would be able to handle this.
How is this in your organisations? Can you simply go to root directories or other users' directories? Bob, do you know about the Trusted Extensions for Solaris10 and JDS? Is there any way to create 'virtual' users for SGD/Ray who would be able to use the JDS and required applications and keep them in their home directories (a bit like some ftp servers)? I guess I can't be the only one looking for such solutions.

thanks to all,
-philip

On Thu, 2006-08-31 at 15:47 -0400, Bob Doolittle wrote:
> >>> I'm looking for a way how to keep users in their home directories - so
> >>> that SGD/Ray users can't go and see other users and the root file
> >>> system, simply not leave their /home/~ directory
> >>> I've been playing around with few options (eg SUDO,containers or jail),
> >>> but that isn't the right answer.
>
> Please be cautious about bringing a PC bias to this problem.
>
> Unix and Solaris in particular were designed from inception to be
> multi-user safe and friendly. The whole suite of access perms,
> ACLs, etc are designed to protect users from each other.
> The problem with chroot is that it effectively eliminates the
> ability to run system tools, which is not really appropriate for
> end-users. You may be able to work around this but it's kludgey.
> Zones are more suitable, but as you point out heavy-weight for
> a large user community. Unless you need users to have privileged
> roles within zones this is probably unnecessary.
>
> In recent times there has been a migration of users to single-user
> environments, and we tend to forget that multi-user environments
> are alive and well.
>
> So in summary my only caution is to not over-constrain your solution.
> There are clearly needs to sometimes provide extra protection between
> user domains. I see this primarily between Corporate entities sharing
> a single server, such as an ASP sort of environment, where the partitioning
> is between Corporate user communities, not individual users. Zones
> scale better at this level of granularity.
>
> My 2c.
>
> -Bob
>
> These opinions are my own, not my employer's.

_______________________________________________
SGD-Users mailing list
http://www.filibeto.org/mailman/listinfo/sgd-users
