IHAC that is looking to split out zone management roles.
The zone administrator creates and manages the local zones
however that person should not be able to see the data
in the zone for security purposes. They should only be able
to manipulate the resources assigned to the zone, as well
as create/destroy zones.
The issue that comes up is that zlogin automatically grants
them unauthenticated root privileges in the zone. Console access
should be fine since that is authenticated, however the default
without -C gives them full access. So with the current scenario
its an all or nothing proposition.
I propose that zlogin be split into two different programs, one
for console access and one for running programs and/or shell.
A simple way to do this (and would be backward compatible) would be to
create a hard link to zlogin, say 'zconsole' that when it is executed
the program can test arg0 and automatically apply the -C functionality
if it is called zconsole. This would allow better separation of
duties and allow two different profiles in exec_attr to differentiate
what zone administrators can do.
zones-discuss mailing list