On Aug 8, 2007, at 15:48, Keith Bierman wrote:
Perhaps more entertainingly, can we somehow make RBAC work
invisbily enough that for the "standard" developer desktop that a
special sudo is just a default shell function which does the right
pfexec (or pfksh or whatever the ideal syntax is) and have the SXDE/
Indiana default be to create a user account which has the right privs?
you can kind of do that now by simply creating a developer profile
that enables the desired privs for a user (take a look at the User
Profiles button and the User Privileges tab in the User Account
Editor to envision how to do this) - this is kind of akin to the
default Administrative User profile that Mac OS X creates but with
more granularity available
what i'd like to see is more of a parallel to profiles (profiles
being aimed more at auth and access control) .. perhaps a shell
personality configuration for /bin/sh to "do the right thing" .. for
example:
- examine syntax to pick the lightest weight shell
- configure certain shell default behaviour
- look somewhere in a home directory to invoke the preferred shell
with the preferred defaults
- an nsswitch style configuration to take on certain shell
personality ordering
of course if you need to specify strict syntax for a script which is
only going to ever use one shell's directives - you'd simply invoke
the shell of choice directly (eg: #!/bin/ksh == run ksh93)
in a more complex vision - i don't see why we couldn't create shell
hybrids (which bash really is anyhow) to have a single shell that
rules all and behaves as anticipated (ie: just works)
---
.je
_______________________________________________
indiana-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/indiana-discuss
