I propose that zlogin be split into two different programs, one
for console access and one for running programs and/or shell.
A simple way to do this (and would be backward compatible) would be to
create a hard link to zlogin, say 'zconsole' that when it is executed
the program can test arg0 and automatically apply the -C functionality
if it is called zconsole.  This would allow better separation of
duties and allow two different profiles in exec_attr to differentiate
what zone administrators can do.

There have been some discussion of using SMF authorizations with zones
to provide this level of control.  One CR of interest is

    4963290 RFE: implement flexible zone administration that
        doesn't require uid=0


I believe the RFE covers quite a bit of this and seems to
be most of what the customer is looking for.  However the functionality
of zlogin should still be split into two different programs or somehow
devise a way to allow one set of users that can do 'zlogin -C' for console
access and another group of users that can get regular 'zlogin' direct

Its the all-or-nothing of zlogin that is currently at question.
If you can specify via RBAC two different profiles, one for 'zlogin -C'
and another with normal 'zlogin', then at least you can separate the access
control out via RBAC.  If you can't, then it should be split to two
separate programs.

zones-discuss mailing list

Reply via email to