PSARC 2007/601 FastTrack timeout 12/05/2007 - "spec.txt" added to the materials directory
Mark Logan
Mark.Logan at sun.com
Fri Dec 14 12:33:54 PST 2007
I understand now, thanks. We will work on this.
Mark
Gary Winiger wrote:
>> I'm not sure what you mean by "noaccess". Do you want us to change the
>> method_context for LMS from "root:root" to "noaccess:noaccess"?
>>
>
> As stated in the security best practice:
> http://opensolaris.org/os/community/arc/bestpractices/security-questions
> "If this project uses any privileged operations beyond what
> a common user (e.g. "noaccess") can perform, why those are
> necessary and how they are granted."
>
> The point is to implement the principle of least privilege,
> not to say you must run as noaccess:noaccess.
>
> What is the minimum needed for this service? That is anything
> above noaccess:noaccess permitted set = "basic'?
>
> Gary..
>
More information about the opensolaris-arc
mailing list