Brian Kolaci wrote:
Jeff Victor wrote:


Brian Kolaci wrote:

IHAC that is looking to split out zone management roles.

The zone administrator creates and manages the local zones
however that person should not be able to see the data
in the zone for security purposes.  They should only be able
to manipulate the resources assigned to the zone, as well
as create/destroy zones.

The issue that comes up is that zlogin automatically grants
them unauthenticated root privileges in the zone.

The other issue is that the GZ admin can read any files in a zone without using zlogin. The only exception to that is a fs that the non-GZ admin NFS-mounts, and that exception will only last until a few CRs are delivered.

Two items on this front.  First, I was referring to someone (not root)
that has the Zones Management profile which gives them zoneadm, zonecfg
and zlogin.  Second, I've recommended that they convert root to a role
and strip privs (such as file_dac_read, file_dac_write) and protect
the filesystems and zonepaths as well as write access to user_attr,
exec_attr, etc.

What method will be used to prevent a zone admin from creating another zone, mounting the fs with sensitive info in that zone, logging into the new zone as root, and viewing the data?



--------------------------------------------------------------------------
Jeff VICTOR              Sun Microsystems            jeff.victor @ sun.com
OS Ambassador            Sr. Technical Specialist
Solaris 10 Zones FAQ:    http://www.opensolaris.org/os/community/zones/faq
--------------------------------------------------------------------------
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org
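
The following is an added example, not part of the original thread and not code from its participants: a small audit over user_attr(4)-style entries that lists who holds the Zone Management profile and checks whether root is a role with file_dac_read and file_dac_write removed. The sample entries are constructed, and the privilege check is a simplifying assumption that only recognises explicit `!priv` negation in `defaultpriv`.

```python
# Added example: audit user_attr(4)-style entries for the points in the thread.
# SAMPLE_USER_ATTR is constructed data, not taken from a real system.
SAMPLE_USER_ATTR = """\
# user:qualifier:res1:res2:attr
root::::type=role;auths=solaris.*;profiles=All;defaultpriv=all,!file_dac_read,!file_dac_write
zadmin::::type=normal;profiles=Zone Management;roles=root
alice::::type=normal;profiles=Basic Solaris User
oper::::type=normal;profiles=Printer Management,Zone Management
"""

ZONE_PROFILE = "Zone Management"                 # profile named in the thread
STRIPPED = ("file_dac_read", "file_dac_write")   # privileges named in the thread


def parse_user_attr(text):
    """Return {user: {key: value}} from user:qualifier:res1:res2:attr lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)
        if len(fields) != 5:
            continue  # malformed entry, skip it
        attrs = dict(kv.split("=", 1) for kv in fields[4].split(";") if "=" in kv)
        entries[fields[0]] = attrs
    return entries


def zone_managers(entries):
    """Users whose profiles include Zone Management (zoneadm, zonecfg, zlogin)."""
    return sorted(u for u, a in entries.items()
                  if ZONE_PROFILE in [p.strip() for p in a.get("profiles", "").split(",")])


def root_findings(entries):
    """Check root against the recommendation: a role, with the DAC privs removed."""
    root = entries.get("root", {})
    findings = []
    if root.get("type") != "role":
        findings.append("root is not a role")
    # Assumption: only an explicit "!priv" token counts as removed.
    privs = [p.strip() for p in root.get("defaultpriv", "").split(",")]
    for priv in STRIPPED:
        if "!" + priv not in privs:
            findings.append(f"{priv} not removed from root defaultpriv")
    return findings
```

Every account returned by `zone_managers` can reach root inside a zone through zlogin, so that list is the set of people the data-separation requirement has to account for.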
