Brian Cameron wrote:
>
> Calum:
>
> It would be nice to get some usability perspective on how gaining
> privilege on Solaris could/should work.
>
> Darren:
>
> I think what we need is for RBAC to be *usable* for desktop users.
> When someone is using their computer and wants to configure the
> internet, how should this work?
>
> - I need to know how to log in as root and configure RBAC first? Or
>   is there some fancy RBAC editor that makes editing RBAC easy?
>   There is a chicken-and-egg thing. How do we make editing RBAC
>   easy when you need privilege to edit the RBAC configuration files?

The JDS Users and Groups tool has this functionality. Select a user, click Properties, then pick the User privileges tab. Select "Maintenance and Repair" and the relevant authorizations are assigned to the user. By the way, the term "privileges" is not used correctly in this tab. It should be "Rights".

The SMC is the official tool for managing RBAC and provides GUIs for essentially all operations. The GUIs themselves require authorization, so the SMC supports delegation of authorizations and rights. Of course, I realize people don't want to use the SMC, but it is the GUI which is evaluated in our Common Criteria certifications.

> - Because I'm the console user I just have permissions?

If you don't want to use RBAC, you can just consider console ownership to be an implicit authorization. But, as Darren stated, that isn't appropriate in all cases. Consider a kiosk, for example. Why should the guest account be able to shut down the system?

> - I am prompted for a root/role password to get permissions temporarily.

Take a closer look at Trusted JDS. This is now part of Solaris, and the RBAC features could be enabled in Solaris without depending on labeling. We have a Trusted Path for changing passwords and assuming roles. The role could be assigned the Maintenance and Repair right profile, instead of the normal user. Roles get their own JDS workspaces. FYI, if you choose to ignore TX, you will probably get a P1 bug assigned to you to fix whatever damage you cause.

> Perhaps the right answer is case-by-case. I think some permissions
> such as shutdown make sense for any console user, at least as a default
> that can be changed if people don't want console users to have this
> authority.
>
> However, Solaris should have some strategy for allowing normal desktop
> users the ability to manage their systems without needing to know how
> to modify RBAC ASCII files. No? Ideas?

The JDS Users and Groups tool is barely adequate. SMC is part of Solaris. At the very least it should be studied for its current usability. It is actually quite good, but it is not maintained very well.

--Glenn
