Ed Gould wrote:
> Gary Winiger wrote:
>>> John Plocher wrote:
>>>> When to use setuid -vs- roles and profiles
>>>>
>>>> http://www.opensolaris.org/os/community/arc/bestpractices/rbac-intro/
>>>>
>>>> HOWTO guide for adding RBAC authorizations
>>>>
>>>> http://www.opensolaris.org/os/community/arc/bestpractices/rbac-auths/
>>>>
>>>> HOWTO guide for adding RBAC Rights Profiles
>>>>
>>>> http://www.opensolaris.org/os/community/arc/bestpractices/rbac-profiles/
>>>
>>> I found these three documents to be essentially opaque. They all
>>> seem to presume that the reader already knows most of what is to be
>>> known about RBAC and rights profiles, and only wants a bit of
>>> guidance on when
>>
>> Indeed. That's what the reference sections are about.
>> http://developers.sun.com/solaris/articles/ais.html
>>
>>> to do what. At least, there should be references to the appropriate
>>> background material. Better, IMHO, would be a broader description of
>>> the context of where the advice given applies.
>>
>> They were written with a particular audience in mind. That is
>> one who knew what was needed, but not quite sure on how to
>> go about doing things. Perhaps you're saying that ais.html
>> is an incomplete tutorial. I know there are other tutorials.
>> They linked off of http://sac.eng/cgi-bin/bp.cgi?NAME=RBAC.bp
>> I no longer have nor recall if there were external references to
>> them.
>
> Hmm. I never got to the references section, because I didn't understand
> enough from the text to expect that it would be useful. One doesn't
> tend to look past the opaque text to find the illumination. One way to
> look at what I'm saying is that opensolaris.org may not be the right
> place for such narrowly-crafted documents.

I disagree entirely. They're documents oriented toward developers working on the (Open)Solaris source base, and refer to specifics thereof (and assume some knowledge thereof). That's not at all unreasonable for opensolaris.org. In fact, I'd say it's *ideal* for opensolaris.org, it's what one would expect, and the kind of content you'd hope to see about such things. Given it's also material from PSARC (also, entirely appropriate for opensolaris.org) and in the ARC community, it seems particularly relevant, entirely reasonable and as it should be (beyond the PSARC/1997/332 link being dead, but eh, nitpicking).

> I suspect they may discourage use more than they encourage it.
> Another way to look at it
> is to suggest that writing the advice for a wider audience may suit the
> opensolaris.org venue better than do the existing documents.

Again, I think this is exactly backward. More generic documents would certainly be beneficial, but they seem far more suited to product developer documentation (perhaps also on, or maintained via opensolaris.org, I'd think in the security community).

> Or maybe
> there should be a "Background" or "Prerequisite" section at the top that
> points the reader to what they should know before reading the document
> at hand.
>

It's at the bottom, rather than the top, but it's there (and on a short page). Moving it up could perhaps be useful (or marking the bits at the bottom out as footnotes in some fashion, maybe).

-- Rich.