sudo [PSARC/2008/370 FastTrack timeout 06/17/2008]
James Carlson
james.d.carlson at sun.com
Thu Jun 12 08:37:34 PDT 2008
Darren J Moffat writes:
> Lets just give them good enough (I'd say vanilla sudo is 90% there)
> rather than trying to do perfect (RBAC isn't perfect either and there
> are things sudo does much better that it could but doesn't do).
At no point was I arguing against that. None. I went out of my way
to make sure that I wasn't asking for any change to sudo or any other
impediment to releasing ancient and very familiar bits like that in
Sun clothing.
Since it's apparently unclear, I'll do so again: please don't change
sudo. Don't change a hair. I'm also one of the people who use it.
What I'm asking about is whether there's an architectural principle
involved that determines what things do get this sort of extra
scrutiny and what things do not. It sounds like the answer is that
there _is_ one that's based on required components for administration,
but that it's never been documented as architecture, and the Sun group
that has the skill and authority to make these decisions on its own
doesn't plan to make it an ARC policy any time in the near future.
In that case, and assuming I've got that right, I don't think the ARC
should be in the business of enforcing any rules on this, and that
future projects should feel free to ignore the issue. At least until
there is such a rule.
--
James Carlson, Solaris Networking <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
More information about the opensolaris-arc
mailing list