News, tips, partners, and perspectives for the Oracle Solaris operating system

My 11 favourite Solaris 11 features

Darren Moffat
Senior Software Architect

  1. ZFS on disk encryption: zfs create -o encryption=on [ With pam_zfs_key PAM module for per-user key management]
  2. Immutable Zones: zonecfg -z myzone set file-mac-profile=fixed-configuration
  3. New package system - with cryptographically signed packages [ pkg(5) ] and multiple signature support
  4. Root as a role by default & authentication with user password with authentication cacheing [pam_tty_tickets ]
  5. Network virtualisation dladm(1M) & bandwidth control flowadm(1M)
  6. Automatic VNICs for Zones - one line zone creation: zonecfg -z myzone 'create ; set zonepath=/zones/myzone'
  7. IPfilter SMF integration - per service firewall rules
  8. New basic privileges: file_read/file_write/net_access
  9. Default root shell is bash (I'd personally prefer zsh but bash is good enough)
  10. 'man -k' works by default
  11. sudo with Solaris Audit support and priv_exec removal for NOEXEC

Join the discussion

Comments ( 3 )
  • Thommy M. Malmström Wednesday, November 9, 2011

    Do you know what the reason was for switching to sudo from pfexec?

  • Darren J Moffat Thursday, November 10, 2011

    We did NOT switch from sudo from pfexec. We have greatly enhanced pfexec but we now also deliver sudo that is integrated with Audit and we configure both for the initial user that is created at install. We deliver and support both because we know that sudo is familar to some people and they like it because it is cross platform. Our strategy is based on Solaris RBAC and will continue in that direction, but we want to deliver the best sudo integration we can too.

  • Carlos Azevedo Wednesday, July 19, 2017
    I greatly appreciate the delivered sudo integration with Audit. In the past it was difficult to ban third-party sudo which broke auditing procedures...
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.