Haik Aftandilian wrote:
On Thu, May 28, 2009 at 2:30 AM, David Abrahams [email protected] wrote:
I have already been using it, thanks. It's not that
I prefer sudo; I'm just trying to understand the proper place of pfexec
in the system. It's a little odd to issue admin commands without
ever issuing a password, but I guess sudo doesn't really offer more
security since an intruder has probably already got your password if
he's logged in as you?
No, I don't think that logic stands up. Using sudo is more secure and it is
also what users are accustomed to doing on other systems like Ubuntu Linux or
Mac OS X. See bug 1945:
http://defect.opensolaris.org/bz/show_bug.cgi?id=1945
RBAC offers a lot of functionality, but without pfexec using password
authentication, I don't think it is the best fit as used here.
Arguably, RBAC and the use of roles offers better security than sudo
depending on the setup you use. (I'm speaking only of role-based
authentication here, not pfexec.)
Cheers,
--
Shawn Walker
_______________________________________________
indiana-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/indiana-discuss
