2007/8/9, Keith Bierman <[EMAIL PROTECTED]>: > > > On Aug 8, 2007, at 4:23 PM, Keith Bierman wrote: > > > > > On Aug 8, 2007, at 2:39 PM, Eric Boutilier wrote: > > > >> > >> > >> Keith -- I for one would love it if you could enlarge on this a bit. > >> (Even though I know what all the individual functions and > >> technologies > >> are in paragraph above, I'm still having a hard time wrapping my > >> brain > >> around the overall mechanism/environment you're describing -- and I'm > >> guessing I'm not the only one...) > >> > > > > Well, I can't sketch out the answer, because I don't actually get the > > RBAC stuff myself enough (it's on my list of things to work on > > > > It was always easier than I thought, as I've just verified this in > several builds. > > Make the default user (viz. the entity created during the Developer > install) have primary administrator profile rather than ordinary > user. Have the skeleton profile (eliding the discussion of what the > default shell is, or hack it for any of the supported shell > skeletons) to have the equivalent of > alias sudo="pfexec" > > and now sudo $script > > does what the "normal" linux user expects. > > Doesn't come with additional baggage. No doubt there are edge cases > where real sudo would have worked and pfexec won't, but there's a lot > that just works out of the box this way.
Would '$ sudo cat /path/to/somefile > /path/to/otherfile' work in case the user itself has no rights to otherfile with that solution? I find it quite annoying when I try to do something like that and I need to end up doing sudo su. Similarly for top and prstat :> > > Perhaps we could lure some Linux users of various skillsets into a > usability lab, and record their usage. Providing mappings (even if > the results are a little different, like prstat) would be an > interesting first step towards meeting them halfway ;> Keith, it's the first sane suggestion I have seen on this discussion since it started. ++1 Maybe we can clone betterdesktop.org and create a bettersolaris.org site :) Keith H. Bierman [EMAIL PROTECTED] | [EMAIL PROTECTED] > Strategic Engagement Team | AIM: kbiermank > <speaking for myself, not Sun*> Copyright 2007 > > > > > _______________________________________________ > indiana-discuss mailing list > [email protected] > http://mail.opensolaris.org/mailman/listinfo/indiana-discuss > -- Un saludo, Alberto Ruiz
_______________________________________________ indiana-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/indiana-discuss
