On Aug 8, 2007, at 4:23 PM, Keith Bierman wrote: > > On Aug 8, 2007, at 2:39 PM, Eric Boutilier wrote: > >> >> >> Keith -- I for one would love it if you could enlarge on this a bit. >> (Even though I know what all the individual functions and >> technologies >> are in paragraph above, I'm still having a hard time wrapping my >> brain >> around the overall mechanism/environment you're describing -- and I'm >> guessing I'm not the only one...) >> > > Well, I can't sketch out the answer, because I don't actually get the > RBAC stuff myself enough (it's on my list of things to work on >
It was always easier than I thought, as I've just verified this in several builds. Make the default user (viz. the entity created during the Developer install) have primary administrator profile rather than ordinary user. Have the skeleton profile (eliding the discussion of what the default shell is, or hack it for any of the supported shell skeletons) to have the equivalent of alias sudo="pfexec" and now sudo $script does what the "normal" linux user expects. Doesn't come with additional baggage. No doubt there are edge cases where real sudo would have worked and pfexec won't, but there's a lot that just works out of the box this way. Similarly for top and prstat :> Perhaps we could lure some Linux users of various skillsets into a usability lab, and record their usage. Providing mappings (even if the results are a little different, like prstat) would be an interesting first step towards meeting them halfway ;> Keith H. Bierman [EMAIL PROTECTED] | [EMAIL PROTECTED] Strategic Engagement Team | AIM: kbiermank <speaking for myself, not Sun*> Copyright 2007 _______________________________________________ indiana-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/indiana-discuss
