> The architecture I have no issues with. The > terminology I have serious > issues with. > > "Workstation" could to some people imply a difference > between laptop, > desktop, workstation, server. Best not to use that > term since what > "type" of hardware the machine is or what "function" > it servers isn't > relevant here. > > "Owner" is even worse it isn't the person that > legally owns the system. > Yes I know it is about the UNIX permissions owner of > the device but that > is really an implementation issue. This term won't > translate well into > other languages and even causes confusion in English > (at least to me and > the few techy and semi-techy people I run this by). > > I think a better term is "Console User". The > functionality in the case > applies to the system "Console" regardless of wither > this is a laptop, > workstation, desktop, server or all (or some new > term). "User" because > this has nothing to do with ownership of the machine > but about which > user is currently using the console. > > "Console User" is also used in other platforms for > similar or near > identical functionality. This is an important point > because it means > that people will more easily find this functionality > on Solaris rather > than assuming it doesn't exist.
Since the behavior that "console user" would grant would otherwise be restricted on the rationale of being disruptive rather than of obtaining additional read or write access to regular files, I think the concept (if not necessarily this case) might need to be more dynamic. Possibilities include allowing (but warning first), or even (under site policy control) restricting (statically or even dynamically) just what types of actions fall within the scope of "console user". Even the terminology (and the associated implication of being logged in at the console, or at one or more virtual consoles) is something I'm not entirely certain of. Most of the actions involved might seem more applicable to laptop or desktop users, but some of them resemble what one might grant to an operator, insofar as even large systems have such persons anymore (maybe the distinction would be between 1st and higher tier support personnel, instead). As such, while one might in some cases wish to grant certain authority on the basis of being the console user, in others one might wish to grant the exact same authority to specified accounts always, or only during normal work hours, or with other (possibly dynamic) constraints. So I think it's really to do with supplementary additions or subtractions (at least at login time, if not even more dynamically) to the normal permissions an account has, based on criteria including but not necessarily limited to being logged in at the console. I don't know what I'd call that, maybe "modified session permissions" or something like that. This message posted from opensolaris.org
