Parted - GNU Partition Editor [PSARC/2009/145 FastTrack timeout 03/06/2009]
Phi Tran
Phi.Tran at sun.com
Mon Mar 2 19:24:07 PST 2009
Phi Tran wrote:
> Darren J Moffat wrote:
>> Garrett D'Amore wrote:
>>> +1.
>>>
>>> Do we really need to introduce a new set of RBAC authorizations for
>>> this? I'd have guessed that low-level sys_devices or whatever access
>>> would have been sufficient.
>>
>> I agree with Garrett, auths here is the wrong model an exec_attr
>> entry with the relevant privileges is a better match here. Adding the
>> auths requires forking the code base for no reason and provides no
>> real benefit over an exec_attr entry.
>
> I agree to the above if we tie read and write together, but I was
> thinking about the case when we want separate read and write control.
> I was thinking the model could be that everyone on the console by
> default would have read privilege for parted. The write
> privilege could be controlled by the auth and be part of a separate
> profile.
Thinking about it over, there probably doesn't need to be separate
read/write control so privileges should be enough. Thanks.
Phi
More information about the opensolaris-arc
mailing list