[indiana-discuss] scope

[Keith Bierman]

On Aug 8, 2007, at 4:23 PM, Keith Bierman wrote:

>
> On Aug 8, 2007, at 2:39 PM, Eric Boutilier wrote:
>
>>
>>
>> Keith -- I for one would love it if you could enlarge on this a bit.
>> (Even though I know what all the individual functions and  
>> technologies
>> are in paragraph above, I'm still having a hard time wrapping my  
>> brain
>> around the overall mechanism/environment you're describing -- and I'm
>> guessing I'm not the only one...)
>>
>
> Well, I can't sketch out the answer, because I don't actually get the
> RBAC stuff myself enough (it's on my list of things to work on
>

It was always easier than I thought, as I've just verified this in  
several builds.

Make the default user (viz. the entity created during the Developer  
install) have primary administrator profile rather than ordinary  
user. Have the skeleton profile (eliding the discussion of what the  
default shell is, or hack it for any of the supported shell  
skeletons) to have the equivalent of
alias sudo="pfexec"

and now sudo $script

does what the "normal" linux user expects.

Doesn't come with additional baggage. No doubt there are edge cases  
where real sudo would have worked and pfexec won't, but there's a lot  
that just works out of the box this way.

Similarly for top and prstat :>

Perhaps we could lure some Linux users of various skillsets into a  
usability lab, and record their usage. Providing mappings (even if  
the results are a little different, like prstat) would be an  
interesting first step towards meeting them halfway ;>


Keith H. Bierman    keith.bierman at Sun.COM   |  khbkhb at gmail.com
Strategic Engagement Team                   | AIM: kbiermank
<speaking for myself, not Sun*> Copyright 2007