[indiana-discuss] pfexec?
David Abrahams
dave at boostpro.com
Sun Jun 7 17:35:17 PDT 2009
On May 28, 2009, at 1:36 AM, Martin Bochnig wrote:
> On Thu, May 28, 2009 at 2:30 AM, David Abrahams <dave at boostpro.com>
> wrote:
>>
>> Coming from other unices I find this strange pfexec thing being
>> used in
>> some places where sudo or su might have been used otherwise, and I'm
>> trying to figure out its proper application. Can anyone offer a
>> helpful
>> pointer?
>
>
> In addition to being much more fine-grain-controllable, RBAC offers
> you the convenience, that you do not need to re-type the password
> every time you run pfexec.
You actually don't need to do that with sudo either; it has some kind
of memory and doesn't ask if you've authenticated recently.
> RBAC originates from Trusted Solaris 2.5.1, then 8, now 10 &
> OSyyyy.mm.
> It has highest level security certifications not many other operating
> systems ever pass, whether with or without similar clones of Trusted
> Extensions.
All the certifications in the world do no good if the security system
is configured to hand out root privileges lightly.
--
David Abrahams
BoostPro Computing
http://boostpro.com
More information about the indiana-discuss
mailing list