My 11 favourite Solaris 11 features

  1. ZFS on disk encryption: zfs create -o encryption=on [ With pam_zfs_key PAM module for per-user key management]
  2. Immutable Zones: zonecfg -z myzone set file-mac-profile=fixed-configuration
  3. New package system - with cryptographically signed packages [ pkg(5) ] and multiple signature support
  4. Root as a role by default & authentication with user password with authentication cacheing [pam_tty_tickets ]
  5. Network virtualisation dladm(1M) & bandwidth control flowadm(1M)
  6. Automatic VNICs for Zones - one line zone creation: zonecfg -z myzone 'create ; set zonepath=/zones/myzone'
  7. IPfilter SMF integration - per service firewall rules
  8. New basic privileges: file_read/file_write/net_access
  9. Default root shell is bash (I'd personally prefer zsh but bash is good enough)
  10. 'man -k' works by default
  11. sudo with Solaris Audit support and priv_exec removal for NOEXEC
Comments:

Do you know what the reason was for switching to sudo from pfexec?

Posted by Thommy M. Malmström on November 09, 2011 at 03:21 PM GMT #

We did NOT switch from sudo from pfexec. We have greatly enhanced pfexec but we now also deliver sudo that is integrated with Audit and we configure both for the initial user that is created at install. We deliver and support both because we know that sudo is familar to some people and they like it because it is cross platform. Our strategy is based on Solaris RBAC and will continue in that direction, but we want to deliver the best sudo integration we can too.

Posted by Darren J Moffat on November 10, 2011 at 07:39 AM GMT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

DarrenMoffat

Search

Categories
Archives
« April 2014
MonTueWedThuFriSatSun
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
17
18
19
20
21
22
23
24
25
26
27
28
29
30
    
       
Today