On 24.6.2013 14:55, Tomas Babej wrote:
On 06/24/2013 09:35 AM, Petr Spacek wrote:
What would happen if require_root = False, UID = 1234 but the plugin
requires root access? (I.e. there is an error in the require_root value.)
The calling of particular external command that requires root access for its
execution will fail.
I don't like this boolean, because plugin author has to test the plugin and
maintain the boolean after each change in the plugin. From my (naive) point
of view it is error prone and unnecessary.
Why? From my point of view, it simplifies the work for the plugin author,
since he can set the boolean if he knows that plugin will need root access to
require information needed.
I see the opposite part: "Root" requirement can change over time (during
plugin and IPA development), so the plugin maintainer has to maintain this
boolean.
Without it:
- If he wanted to stay user-friendly he would have to implement the check for
effective UID in every plugin.
- If he did not, he would be having his command fail with (often) cryptic
errors.
Proper error handling seems like 'the right way'™ to me.
What kind of proper error handling? The errors are now properly handled via
AdminTool's framework.
Appropriate error handling = Return 'Permission denied' if particular
operation requires higher privileges.
IMHO 'cryptic' error message is bad in any case, so the right way how to fix
'cryptic' error messages is to fix the places where errors are thrown.
I don't think that additional checks in 'advisor' to hide 'cryptic' errors are
the right approach.
--
Petr^2 Spacek
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
