We will be creating a new server build model using Solaris 11 and I wanted to know a little more about sudo.
I have had very limited introduction to how it works in Ubuntu Linux, but we only use that for workstations. I wonder is potential in Solaris.
- I understand that certain users can be given root access without providing them the root password. I like this.
- I also have seen it implied that some kind matchers can be applied to only allow certain access. This of course has limited use, but it can
- add a layer of work before a user is able to sabotage the system, perhaps delaying the sabotage until his/her access is revoked. (this should never be a problem, but it is good to have measures in place in case there is mis-placed trust a couple years from now)
- prevent mistakes, for example accidentally shutting down the wrong machine.
- simplify some processes, for example a user may be charged with keeping the DNS server up to date, in which case they could be given access to specific zone files, as well as permission to run
svcadm refresh dns-server.
My questions are
- What capabilities apply to Solaris, as opposed to either Linux or just myth?
- Do you have recommended reading material on
sudo? (as it relates to Solaris) - Would you recommend that I use it, or just stay with
su -?
Best Answer
Sudo works exactly the same with Solaris as it does with Ubuntu etc so any previous experience you have with it is useful. Solaris does though come with Role Based Access Control (RBAC) which gives you quite fine grained control over what people are alowed to run with elevated privileges.
Using sudo or RBAC is preferable to su - as they can be used to log what actions have been taken.