This  probably sacrilege, but some of these zone security issues might be better served with Secure Solaris,  if the security requirements are this extreme (e.g . DOD). Adding complex security always add complex overhead. On the other hand locking out the global zone to all purposes and administrators except for managing zones (nothing else) creates less security overhead. Diving servers into manage sets (this group, that group, accounts payable, accounts receivable) instead of sharing between groups can also keep the security overhead low. Everyone things they can write programs to correct bad management instead of trying to correct bad management.

Brian Kolaci wrote:
IHAC that is looking to split out zone management roles.

The zone administrator creates and manages the local zones
however that person should not be able to see the data
in the zone for security purposes.  They should only be able
to manipulate the resources assigned to the zone, as well
as create/destroy zones.

The issue that comes up is that zlogin automatically grants
them unauthenticated root privileges in the zone.  Console access
should be fine since that is authenticated, however the default
without -C gives them full access.  So with the current scenario
its an all or nothing proposition.

I propose that zlogin be split into two different programs, one
for console access and one for running programs and/or shell.
A simple way to do this (and would be backward compatible) would be to
create a hard link to zlogin, say 'zconsole' that when it is executed
the program can test arg0 and automatically apply the -C functionality
if it is called zconsole.  This would allow better separation of
duties and allow two different profiles in exec_attr to differentiate
what zone administrators can do.



zones-discuss mailing list


Michael Barto
Software Architect

LogiQwest Circle
LogiQwest Inc.
16458 Bolsa Chica Street, # 15
Huntington Beach, CA  92649

Tel:  714 377 3705
Fax: 714 840 3937
Cell: 714 883 1949

'tis a gift to be simple
This e-mail may contain LogiQwest proprietary information and should be treated as confidential.
zones-discuss mailing list

Reply via email to