On Dec 3, 2007 1:45 PM, UNIX admin <[EMAIL PROTECTED]> wrote:
> You should never be logged in as root directly, unless you are on the
> console, in text mode.
>
> That is sysadmin 101.

Yes, and it's dogma. There are plenty of situations where root login is the best tool for the job.

> 2. RBAC is present only on Solaris and therefore useless in homogenous
> environments

That seems a weak argument against it. In homogenous environments users can just 'alias sudo=pfexec'. RBAC is the sysadmin's job problem, not the users', and sudo is a blunt instrument compared to RBAC. Funny that you don't worry too much about homogenous environments when it comes to root's home directory or shell :)

> A well engineered system will never have either the root user or any other
> users logging into him interactively, and a correctly secured build will have
> necessary mechanisms built in and configured to begin with.

I'm not sure how that applies to e.g. my laptop, or why you are worried about sudo vs. rbac when no-one is going to log in to your machines anyway?

> That is clearly an architectural issue, not a security issue.
>
> A desktop system will be a developer's system, and being a fascist on
> developers is in my experience extremely counter-productive.
> Not to mention that it kills morale, which is unacceptable.

This seems to contradict your earlier statement.

--
Rasputnik :: Jack of All Trades - Master of Nuns
http://number9.hellooperator.net/