> Darren J Moffat wrote: >> From a security perspective this is a perfect opportunity to turn the root >> account into an RBAC role so that only that user can become root.
On Tue, 10 Apr 2007, Dave Miner wrote: > In this first iteration we don't have the cycles to do any more than create > an account, but we'd definitely like to move in the direction you're > suggesting later. Timing is the only real issue, and if you or someone in > security is interested in contributing here, it might go more quickly. On the surface that sounds good, but I think doing so would introduce a lot of problems in regards to that...and I have to ask, what is the difference between giving another user the role after the fact? It just seems like an un-needed layer that doesn't exist today and might not offer too much ROI to implement. My $0.02. -- Alan DuBoff - Solaris x86 IHV/OEM Group
