[desktop-discuss] [security-discuss] requirement for identifying a console user in RBAC
Jeff Cai
Jeff.Cai at Sun.COM
Thu Aug 16 23:26:54 PDT 2007
For sys-suspend, it checks the privilege itself while not through RBAC.
The permission is defined in file /etc/default/sys-suspend, for example:
PERMS=console-owner.
By default, only console user is permitted to run this command.
Jeff
在 2007-08-16四的 23:06 -0700,Alan Coopersmith写道:
> Glenn Faden wrote:
> > Are you suggesting that a user is implicitly
> > permitted to shutdown the system if they can login to the console?
>
> That's been the default policy in sys-suspend in Solaris since
> Solaris 2.6 or so.
>
More information about the desktop-discuss
mailing list