[indiana-discuss] scope
Jonathan Edwards
Jonathan.Edwards at Sun.COM
Wed Aug 8 14:21:55 PDT 2007
On Aug 8, 2007, at 15:48, Keith Bierman wrote:
> Perhaps more entertainingly, can we somehow make RBAC work
> invisbily enough that for the "standard" developer desktop that a
> special sudo is just a default shell function which does the right
> pfexec (or pfksh or whatever the ideal syntax is) and have the SXDE/
> Indiana default be to create a user account which has the right privs?
you can kind of do that now by simply creating a developer profile
that enables the desired privs for a user (take a look at the User
Profiles button and the User Privileges tab in the User Account
Editor to envision how to do this) - this is kind of akin to the
default Administrative User profile that Mac OS X creates but with
more granularity available
what i'd like to see is more of a parallel to profiles (profiles
being aimed more at auth and access control) .. perhaps a shell
personality configuration for /bin/sh to "do the right thing" .. for
example:
- examine syntax to pick the lightest weight shell
- configure certain shell default behaviour
- look somewhere in a home directory to invoke the preferred shell
with the preferred defaults
- an nsswitch style configuration to take on certain shell
personality ordering
of course if you need to specify strict syntax for a script which is
only going to ever use one shell's directives - you'd simply invoke
the shell of choice directly (eg: #!/bin/ksh == run ksh93)
in a more complex vision - i don't see why we couldn't create shell
hybrids (which bash really is anyhow) to have a single shell that
rules all and behaves as anticipated (ie: just works)
---
.je
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.opensolaris.org/pipermail/indiana-discuss/attachments/20070808/ea8dd12a/attachment.html>
More information about the indiana-discuss
mailing list