From an audit perspective, it's still going to show the activity as
uid 0 vs an actual user.  With the right infrastructure, it then
becomes a lot harder to subvert...
..now if Oracle's other products (E-Biz suite) would actually work
properly in an rbac environment...


On Mon, Aug 2, 2010 at 1:31 PM, Mike DeMarco <mikej...@yahoo.com> wrote:
>> jimw::::type=normal;profiles=File System
>> Management,ZFS File System Management
>>
>> which doesn't give jimw the ability to su to root but
>> does give some,
>> but not all, additional privs when he pfexec's
>> commands.
>
> I know that this is only an example but I prefer using zfs allow to grant zfs 
> command usage to users without having them pfexec. I wish zones had the same 
> functionality built in that would allow zoneadm privilege for a given user.
>
> For root not logging who did what I always use a root.## account for 
> different admins to use root. None know that real root password and they 
> login as their root.## account which is set to uid 0. This tracks usage as
> the logs now log root.__ did this.
> --
> This message posted from opensolaris.org
> _______________________________________________
> opensolaris-discuss mailing list
> opensolaris-discuss@opensolaris.org
>
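The audit point in the reply above, as an added example that is not part of the original thread: a check that finds accounts sharing a uid in passwd data and shows which name a uid-based lookup reports for them. The sample passwd content and the account names root.01 and root.02 are constructed, and the lookup assumes first-match resolution over the file, as a files-backed getpwuid typically does.

```python
from collections import defaultdict

# Constructed sample passwd content; root.01 and root.02 are hypothetical
# per-admin aliases of the kind described in the quoted message.
SAMPLE_PASSWD = """\
root:x:0:0:Super-User:/root:/usr/bin/bash
daemon:x:1:1::/:
root.01:x:0:0:Admin one:/export/home/root01:/usr/bin/bash
root.02:x:0:0:Admin two:/export/home/root02:/usr/bin/bash
jimw:x:1001:10:Jim W:/export/home/jimw:/usr/bin/bash
"""


def parse_passwd(text):
    """Return (name, uid) pairs in file order; skip blank, comment and malformed lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        entries.append((fields[0], int(fields[2])))
    return entries


def shared_uids(entries):
    """Map each uid held by more than one account to the account names, in file order."""
    by_uid = defaultdict(list)
    for name, uid in entries:
        by_uid[uid].append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}


def name_for_uid(entries, uid):
    """Resolve uid -> name by first match (assumption: what a file-backed lookup does)."""
    for name, entry_uid in entries:
        if entry_uid == uid:
            return name
    return None


if __name__ == "__main__":
    entries = parse_passwd(SAMPLE_PASSWD)
    for uid, names in sorted(shared_uids(entries).items()):
        print(f"uid {uid} shared by {', '.join(names)}; "
              f"uid-based records resolve to '{name_for_uid(entries, uid)}'")
```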