[indiana-discuss] pfexec?
Haik Aftandilian
haik.aftandilian at sun.com
Fri May 29 09:29:55 PDT 2009
On Thu, May 28, 2009 at 2:30 AM, David Abrahams dave at boostpro.com wrote:
> I have already been using it, thanks. It's not that
> I prefer sudo; I'm just trying to understand the proper place of pfexec
> in the system. It's a little odd to issue admin commands without
> ever issuing a password, but I guess sudo doesn't really offer more
> security since an intruder has probably already got your password if
> he's logged in as you?
No, I don't think that logic stands up. Using sudo is more secure and it is also what users are accustomed to doing on other systems like Ubuntu Linux or Mac OS X. See bug 1945:
http://defect.opensolaris.org/bz/show_bug.cgi?id=1945
RBAC offers a lot of functionality, but without pfexec using password authentication, I don't think it is the best fit as used here.
Haik
--
This message posted from opensolaris.org
More information about the indiana-discuss
mailing list