> >Brian, > >Thanks for the information, but it does not work. I will have another >look at the documentation, since I may be missing something in the new >release. > >Andrew
pfexec was only intended for "roles" and not for ordinary users; the Primary Administrator was dangerous but when it was assigned to a role, it wasn't that dangerous as assigning it to a user. The first one requires a second password "su role cmd" but the latter one makes it easy to exploit the system from any account assigned that role. We felt that having "pfexec id" print "uid=0(root) gid=0(root)" is a bug, not a feature. There is no profiles in Solaris 11 which delivers that functionality. You can tell "su" to work like sudo by enabling pam_tty_tickets.so(1) (Yes, it is a bug that it is in that section and with that name) With the old "Primary Administrator" was really clear when you run with a profile shell: the shell is started as root and you get a "#" prompt. Of course, you can reinvent "Primary Administrator" but we recommend against that. Casper _______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
