On Thu, 2009-05-28 at 11:19 -0400, David Abrahams wrote: > on Thu May 28 2009, Martin Bochnig <martin-AT-martux.org> wrote: > > > On Thu, May 28, 2009 at 7:58 AM, Fajar A. Nugraha <[email protected]> wrote: > >> On Thu, May 28, 2009 at 12:36 PM, Martin Bochnig <[email protected]> wrote: > >>> On Thu, May 28, 2009 at 2:30 AM, David Abrahams <[email protected]> wrote: > >>>> > >>>> Coming from other unices I find this strange pfexec thing being used in > >>>> some places where sudo or su might have been used otherwise, and I'm > >>>> trying to figure out its proper application. Can anyone offer a helpful > >>>> pointer? > >>> > >>> > >>> In addition to being much more fine-grain-controllable, RBAC offers > >>> you the convenience, that you do not need to re-type the password > >>> every time you run pfexec. > >> > >> Note that sudo and su still works as well. > >> If you prefer to login directly as root (which is disabled by > >> default), you can use pfexec to set root password and edit > >> /etc/user_attr and remove "type=role;" from root. > >> > >> -- > >> Fajar > > > > > > Yes, good that you mention. Of course sudo still works and is already > > available as IPS package. Search it with "pfexec pkg search -r sudo". > > I have already been using it, thanks. It's not that I prefer sudo; I'm > just trying to understand the proper place of pfexec in the system. > It's a little odd to issue admin commands without ever issuing a > password, but I guess sudo doesn't really offer more security since an > intruder has probably already got your password if he's logged in as > you?
This is actually a bug (rather serious IMO). The "Primary Administrator" profile should never have been given to the default user. See: http://defect.opensolaris.org/bz/show_bug.cgi?id=4885 The fist thing I do when I install OpenSolaris is remove this profile from the default user. -M _______________________________________________ indiana-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/indiana-discuss
