Solaris / OpenSolarisThis forum is for the discussion of Solaris, OpenSolaris, OpenIndiana, and illumos.
General Sun, SunOS and Sparc related questions also go here. Any Solaris fork or distribution is welcome.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Solaris 11.4, Oracle Linux, Mint, Debian/WSL
Posts: 9,789
Rep:
I understand that, and it's the reason why I wrote "technically".
I see however Sun's customers starting to use RBAC, which is far less complicated to set that people usually think.
For example, if I want you to be able to manage user accounts, I simply have to add or update this line in the /etc/user_attr file:
Code:
mdhmi::::type=normal;profiles=User Management
Then you'll be able for example to run "pfexec useradd" to create a user account.
If you want to be able to call useradd stile commands without the pfexec prefix, your shell can be replaced by an RBAC aware shell, like /usr/bin/pfksh, in the /etc/passwd file.
I wouldn't say all this is that more complicated than sudo.
It is actually simpler in that example, given the fact the required profile already exists.
Distribution: Solaris 11.4, Oracle Linux, Mint, Debian/WSL
Posts: 9,789
Rep:
Just a warning, "halt" is a command that shoulnd't be generally used to shutdown a Solaris box, especially when services are enabled, because it doesn't go to the smf services shutdown, nor the rc kill commands.
The recommended way is using "init 5" or "shutdown -y -i 5 -g 0".
Also, to allow a user to shutdown a machine, you can simply give this user the "Maintenance and Repair" role.
I agree Javier that RBAC is useable, we have used it on and off over the years in our environment. Our corporate directive is portability, which is why we usually use sudo as we have a mixed Solaris / AIX environment.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.