On Thu, May 28, 2009 at 7:58 AM, Fajar A. Nugraha <[email protected]> wrote: > On Thu, May 28, 2009 at 12:36 PM, Martin Bochnig <[email protected]> wrote: >> On Thu, May 28, 2009 at 2:30 AM, David Abrahams <[email protected]> wrote: >>> >>> Coming from other unices I find this strange pfexec thing being used in >>> some places where sudo or su might have been used otherwise, and I'm >>> trying to figure out its proper application. Can anyone offer a helpful >>> pointer? >> >> >> In addition to being much more fine-grain-controllable, RBAC offers >> you the convenience, that you do not need to re-type the password >> every time you run pfexec. > > Note that sudo and su still works as well. > If you prefer to login directly as root (which is disabled by > default), you can use pfexec to set root password and edit > /etc/user_attr and remove "type=role;" from root. > > -- > Fajar
Yes, good that you mention. Of course sudo still works and is already available as IPS package. Search it with "pfexec pkg search -r sudo". And there is a 3rd option as well: In a failsafe scenario you can boot whatever other medium (fail-safe mode, another bootable zpool, another bootenv, a USB stick, LiveCD, NET, whatever ... ) and have root access from there. Or, 4th way, just: In single user mode root is not yet a role and a direct login to the text console is always possible from there. Martin _______________________________________________ indiana-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/indiana-discuss
