Parted - GNU Partition Editor [PSARC/2009/145 FastTrack timeout 03/06/2009]
Phi Tran
phi.tran at sun.com
Mon Mar 2 17:33:58 PST 2009
Darren J Moffat wrote:
> Garrett D'Amore wrote:
>> +1.
>>
>> Do we really need to introduce a new set of RBAC authorizations for
>> this? I'd have guessed that low-level sys_devices or whatever access
>> would have been sufficient.
>
> I agree with Garrett, auths here is the wrong model an exec_attr entry
> with the relevant privileges is a better match here. Adding the auths
> requires forking the code base for no reason and provides no real
> benefit over an exec_attr entry.
I agree to the above if we tie read and write together, but I was
thinking about the case when we want separate read and write control.
I was thinking the model could be that everyone on the console by
default would have read privilege for parted. The write
privilege could be controlled by the auth and be part of a separate
profile.
Phi
More information about the opensolaris-arc
mailing list