[indiana-discuss] pfexec?
Martin Bochnig
martin at martux.org
Wed May 27 23:07:20 PDT 2009
On Thu, May 28, 2009 at 7:58 AM, Fajar A. Nugraha <fajar at fajar.net> wrote:
> On Thu, May 28, 2009 at 12:36 PM, Martin Bochnig <martin at martux.org> wrote:
>> On Thu, May 28, 2009 at 2:30 AM, David Abrahams <dave at boostpro.com> wrote:
>>>
>>> Coming from other unices I find this strange pfexec thing being used in
>>> some places where sudo or su might have been used otherwise, and I'm
>>> trying to figure out its proper application. Can anyone offer a helpful
>>> pointer?
>>
>>
>> In addition to being much more fine-grain-controllable, RBAC offers
>> you the convenience, that you do not need to re-type the password
>> every time you run pfexec.
>
> Note that sudo and su still works as well.
> If you prefer to login directly as root (which is disabled by
> default), you can use pfexec to set root password and edit
> /etc/user_attr and remove "type=role;" from root.
>
> --
> Fajar
Yes, good that you mention.
Of course sudo still works and is already available as IPS package.
Search it with "pfexec pkg search -r sudo".
And there is a 3rd option as well: In a failsafe scenario you can boot
whatever other medium (fail-safe mode, another bootable zpool, another
bootenv, a USB stick, LiveCD, NET, whatever ... ) and have root access
from there.
Or, 4th way, just: In single user mode root is not yet a role and a
direct login to the text console is always possible from there.
Martin
More information about the indiana-discuss
mailing list