IHAC that is looking to split out zone management roles.
The zone administrator creates and manages the local zones however that person should not be able to see the data in the zone for security purposes. They should only be able to manipulate the resources assigned to the zone, as well as create/destroy zones. The issue that comes up is that zlogin automatically grants them unauthenticated root privileges in the zone. Console access should be fine since that is authenticated, however the default without -C gives them full access. So with the current scenario its an all or nothing proposition. I propose that zlogin be split into two different programs, one for console access and one for running programs and/or shell. A simple way to do this (and would be backward compatible) would be to create a hard link to zlogin, say 'zconsole' that when it is executed the program can test arg0 and automatically apply the -C functionality if it is called zconsole. This would allow better separation of duties and allow two different profiles in exec_attr to differentiate what zone administrators can do. Thanks, Brian _______________________________________________ zones-discuss mailing list zones-discuss@opensolaris.org
