Joerg Schilling wrote: > Gary Winiger <gww at eng.sun.com> wrote: > >> I'm restarting this Fast Track for Jim Hugnes. >> >> It requests a Patch release binding. >> References to Major release bindings and permission to do things >> at such a release boundary are no longer part of this case. >> The Problem statement has been modified to reflect this. >> The interface taxonomies remain unchanged. > > I already asked in the first run: > > What happens if people use a pf*sh by default?
Nothing different happens. > Will they be treated as if they logged in as root with the exception that > the files they created are not owned by root? No this is a real root login. > I do not like to see user accounts with super user privileges as usual in > MS-WIN. That isn't what this case does. sulogin now asks for a username and password instead of just the root password. It authenticates that user rather than root. If the user has the authorisation that this case lists then sulogin does exactly the same as it always did before when given the root password, ie it creates a uid=0 privs=all (or zone) shell. The user is NOT logged in as themselves. Very similar to how sudo works, you get asked for *your* password and nobody needs to know the real root password (or their might not even be one). It has the added huge bonus that now we can actually know who the real user is and audit it correctly during sulogin. Note that below is my understanding of how this will look with this case but I'm not the project team they may choose slightly different output: Currently: ---------- Requesting System Maintenance Mode SINGLE USER MODE Root password for system maintenance (control-d to bypass): ******** single-user privilege assigned to /dev/console. Entering System Maintenance Mode # pcred -a $$ 100136: euid=0 ruid=0 suid=0 egid=0 rgid=0 sgid=0 groups: 0 1 2 3 4 5 6 7 8 9 12 # Post this case I expect it will look like this ----------------------------------------------- Requesting System Maintenance Mode SINGLE USER MODE Enter username (control-d to bypass): darrenm Password: ******** single-user privilege assigned to /dev/console. Entering System Maintenance Mode # pcred -a $$ 100136: euid=0 ruid=0 suid=0 egid=0 rgid=0 sgid=0 groups: 0 1 2 3 4 5 6 7 8 9 12 # Or if darrenm wasn't authorised: Requesting System Maintenance Mode SINGLE USER MODE Enter username (control-d to bypass): darrenm Password: ******** User darrenm not authorised to enter system maintenance mode Enter username (control-d to bypass): -- Darren J Moffat