[OpenIndiana-discuss] oi151 clean install - root role problem
Bill Sommerfeld
sommerfeld at alum.mit.edu
Sun Nov 27 15:35:00 UTC 2011
On 11/27/11 04:36, Matt Connolly wrote:
> This still didn't help. But again, setting the root user password with `sudo passwd root` enables me to authenticate to the root role using that root password. (not my user password, as I would use with sudo).
>
> Any reason why the installer would not give the "Primary Administrator" profile to the first user on the machine?
A user account granted the "Primary Administrator" profile becomes
equivalent to root -- any process running as that uid can "pfexec rm -rf
/usr" or anything more destructive.
> If the first user can't do it, who can?
Primary Administrator is too powerful to grant to a "use every day" user
account.
> If it wasn't for sudo, you'd have to boot into single mode to change anything!
the folks who made the opensolaris installer grant the first regular
user the "primary administrator" role, and then splattered pfexec all
over the documentation, made a terrible mistake; the installer has only
been corrected recently, after too many opensolaris users have been
mistrained to use pfexec the wrong way.
- Bill
More information about the OpenIndiana-discuss
mailing list