Parted - GNU Partition Editor [PSARC/2009/145 FastTrack timeout 03/06/2009]
Darren J Moffat
Darren.Moffat at Sun.COM
Thu Mar 5 02:50:39 PST 2009
Phi Tran wrote:
> Darren J Moffat wrote:
>> Garrett D'Amore wrote:
>>> +1.
>>>
>>> Do we really need to introduce a new set of RBAC authorizations for
>>> this? I'd have guessed that low-level sys_devices or whatever access
>>> would have been sufficient.
>>
>> I agree with Garrett, auths here is the wrong model an exec_attr
>> entry with the relevant privileges is a better match here. Adding the
>> auths requires forking the code base for no reason and provides no
>> real benefit over an exec_attr entry.
>
> I agree to the above if we tie read and write together, but I was
> thinking about the case when we want separate read and write control.
> I was thinking the model could be that everyone on the console by
> default would have read privilege for parted. The write
> privilege could be controlled by the auth and be part of a separate
> profile.
I don't see why being on the console should be special for this, please
explain the rationale.
--
Darren J Moffat
More information about the opensolaris-arc
mailing list