On 12/3/07, Milan Jurik <[EMAIL PROTECTED]> wrote: > > Hi, > > > I strongly disagree, for two reasons: > > > > 1. if the system engineering has done their job correctly, no > interactive logging in of any kind, by either the root or odrinary users > should take place on the system - ever > > > > 2. RBAC is present only on Solaris and therefore useless in homogenous > environments; sudo would have been a much better choice, especially because > it makes system administration consistent and homogenous. > > > > I do not at all appreciate RBAC. > > > > And I don't like sudo. Too strange thing. > > And in that case we should forget about ZFS (because it is administred > in different way), dtrace (strange, it is not on AIX or HP-UX), FMA, > what else? Time to forget ACLs, they are not managed in the same way > around all OSes... > > RBAC is Solaris way, correct and clean. Not sudo hack. You can use it, > nobody will stop you. But don't stop RBAC just only because you don't > understand RBAC. Write sudo wrapper around RBAC, if you want. >
Even for a newcomer in the Solaris world, "UNIX admin"'s views seem extremely biased. Nobody's going to die if there's a /root entry in the file system (God forbid you'd want a custom .vimrc when you're running as root!) or if `uname -a` prints something different from SunOS. Or having a BASH as the default shell. I'm sure that Indiana has a lot of flaws, but channeling so much energy into bikeshedding talks is counterproductive at least. -- Andrei Maxim _______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
