Mark Logan wrote:
> Sebastien Roy wrote:
>> On Mon, 2009-03-02 at 14:38 -0800, Phi Tran wrote:
>>
>>> The following RBAC authorizations and profile will be added.
>>>
>>> Authorization Names:
>>> solaris.admin.parted.:::Partition Editor::help=AuthPartedHeader.html
>>> solaris.admin.parted.write:::Edit Partitions::help=AuthPartedWrite.html
>>>
>>
>> Is there a technical reason why reading partition information would
>> require a special authorization?
>>
>
> Parted needs permission to access the raw disk device. Someone told me
> that I needed to use RBAC to allow non-root users to run it.

If "someone" means me, what I meant was you should use RBAC authorizations or device permissions to control the access to the device, rather than an explicit check for root. I don't think you need to create a new authorization here.

-- Garrett

>
>>
>>> 4.3. Interfaces Exported
>>>
>>> Interface Name                Classification  Comments
>>> ---------------               --------------  -----------------
>>> SUNWparted                    Committed       Package name (Phase 1)
>>> /usr/share/man/man8/parted.8  Volatile        Manual page (Phase 1)
>>> /usr/bin/parted               Volatile        Parted launcher shell
>>>                                               script (Phase 1)
>>>
>>
>> You probably want something other than Volatile if this is meant to be
>> used programmatically by other software subsystems.
>>
>
> I see your point, but isn't the rule 3rd party source == volatile?
>
>>
>>> 4.4. Schedule
>>>
>>> I propose introducing GParted into OpenSolaris in three phases:
>>>
>>> Phase 1: Parted command line (2 man months)
>>>
>>
>> Nit: schedule is not architectural.
>>
>>
>>> Phase 2: GParted GUI (3 man months)
>>>
>>
>> You say three phases above, but only mention two phases. What's the
>> third phase?
>>
>> -Seb
>>
>>
>>
>