2012-10-31 2:40, Alex Smith (K4RNT) пишет:
Don't do that, you may completely blow up the installation and keep
anyone from using X-Windows.
You may want to look at the user roles to see if that may do what
you're looking for.
On Tue, Oct 30, 2012 at 3:24 PM, Robbie Crash <sardonic.smi...@gmail.com> wrote:
But that doesn't allow the admin to log on to the server graphically, which
I'd assume they want to since they have the GUI installed.
Ask them, maybe they just installed the default setup? ;)
Argue that omitting X startup frees up some server resources
and reduces an attack surface. Also, an admin might log in
on text console, "(pfexec) svcadm enable -t gdm" and use the
GUI and then disable it back. Or use SSH and VNC for example.
What I did want to say, though, was: did you try locking the
accounts (passwd -l/-N)? I think smb-compatible passwords are
stored not in /etc/shadow (and are routed via PAM), so you
should be able to effectively disable UNIX accounts and retain
CIFS ones. If the proper method (passwd -l) does also disable
the CIFS password, try to directly change /etc/shadow with
lock-lines like this:
gdm:*LK*:::::::
HTH,
//Jim Klimov
_______________________________________________
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss
