Phi Tran wrote:
> Darren J Moffat wrote:
>> Garrett D'Amore wrote:
>>> +1.
>>>
>>> Do we really need to introduce a new set of RBAC authorizations for
>>> this? I'd have guessed that low-level sys_devices or whatever access
>>> would have been sufficient.
>>
>> I agree with Garrett, auths here is the wrong model an exec_attr
>> entry with the relevant privileges is a better match here. Adding the
>> auths requires forking the code base for no reason and provides no
>> real benefit over an exec_attr entry.
>
> I agree to the above if we tie read and write together, but I was
> thinking about the case when we want separate read and write control.
> I was thinking the model could be that everyone on the console by
> default would have read privilege for parted. The write
> privilege could be controlled by the auth and be part of a separate
> profile.

I don't see why being on the console should be special for this, please explain the rationale.

--
Darren J Moffat