On 05/24/11 08:54 AM, Gary Mills wrote:
On Tue, May 24, 2011 at 06:26:33AM -0600, Ken Gunderson wrote:
On Tue, 2011-05-24 at 09:21 +0100, Alasdair Lumsden wrote:
Hi All,
I too don't appreciate the flamewar on here of Solaris vs Linux,
sudo vs pfexec.
With all due respect, I think the technical signal is high enough to
qualify as relevant discussion.
My preference would be to:
1. Make root a role
2. Retain sudo as an option
3. Find a secure way to use RBAC for system administration
Not surprisingly, that's what we are trying to do, the decision that
prompted this sub-thread was about moving in that direction and removing
a security issue we'd created with the experimentation in OpenSolaris
releases. RBAC. properly configured, is highly secure, but doesn't
provide one important thing yet: authentication of the user (using his
password) at the keyboard when assuming privileges. A solution to that
will happen and allow us to refine what we're doing with Solaris.
Dave
_______________________________________________
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss
