Parted - GNU Partition Editor [PSARC/2009/145 FastTrack timeout 03/06/2009]
Phi Tran
Phi.Tran at sun.com
Mon Mar 2 16:40:58 PST 2009
Sebastien Roy wrote:
> On Mon, 2009-03-02 at 15:44 -0800, Mark Logan wrote:
>> Sebastien Roy wrote:
>>> On Mon, 2009-03-02 at 14:38 -0800, Phi Tran wrote:
>>>
>>>> The following RBAC authorizations and profile will be added.
>>>>
>>>> Authorization Names:
>>>> solaris.admin.parted.:::Partition Editor::help=AuthPartedHeader.html
>>>> solaris.admin.parted.write:::Edit Partitions::help=AuthPartedWrite.html
>>>>
>>> Is there a technical reason why reading partition information would
>>> require a special authorization?
>>>
>> Parted needs permission to access the raw disk device.
>
> Okay, and how is this authorization related to having permission to
> access the raw device? Is there an exec_attr entry for parted under the
> new "Edit Partitions" profile that includes the actual privilege
> required to access raw disk devices?
Yes, file_dac_read and sys_devices are needed. The write authorization
will be needed for editing.
Phi
>
> In any case, +1 from me, my questions are quite minor.
>
> Thanks,
> -Seb
>
>
>
More information about the opensolaris-arc
mailing list