Joerg Schilling wrote:
> Gary Winiger <gww at eng.sun.com> wrote:
>
>> I'm restarting this Fast Track for Jim Hugnes.
>>
>> It requests a Patch release binding.
>> References to Major release bindings and permission to do things
>> at such a release boundary are no longer part of this case.
>> The Problem statement has been modified to reflect this.
>> The interface taxonomies remain unchanged.
>
> I already asked in the first run:
>
> What happens if people use a pf*sh by default?
Nothing different happens.
> Will they be treated as if they logged in as root with the exception that
> the files they created are not owned by root?
No this is a real root login.
> I do not like to see user accounts with super user privileges as usual in
> MS-WIN.
That isn't what this case does.
sulogin now asks for a username and password instead of just the root
password. It authenticates that user rather than root. If the user
has the authorisation that this case lists then sulogin does exactly the
same as it always did before when given the root password, ie it creates
a uid=0 privs=all (or zone) shell. The user is NOT logged in as themselves.
Very similar to how sudo works, you get asked for *your* password and
nobody needs to know the real root password (or their might not even be
one). It has the added huge bonus that now we can actually know who the
real user is and audit it correctly during sulogin.
Note that below is my understanding of how this will look with this case
but I'm not the project team they may choose slightly different output:
Currently:
----------
Requesting System Maintenance Mode
SINGLE USER MODE
Root password for system maintenance (control-d to bypass): ********
single-user privilege assigned to /dev/console.
Entering System Maintenance Mode
# pcred -a $$
100136: euid=0 ruid=0 suid=0 egid=0 rgid=0 sgid=0
groups: 0 1 2 3 4 5 6 7 8 9 12
#
Post this case I expect it will look like this
-----------------------------------------------
Requesting System Maintenance Mode
SINGLE USER MODE
Enter username (control-d to bypass): darrenm
Password: ********
single-user privilege assigned to /dev/console.
Entering System Maintenance Mode
# pcred -a $$
100136: euid=0 ruid=0 suid=0 egid=0 rgid=0 sgid=0
groups: 0 1 2 3 4 5 6 7 8 9 12
#
Or if darrenm wasn't authorised:
Requesting System Maintenance Mode
SINGLE USER MODE
Enter username (control-d to bypass): darrenm
Password: ********
User darrenm not authorised to enter system maintenance mode
Enter username (control-d to bypass):
--
Darren J Moffat
