Nicolas Williams writes:
> On Thu, Mar 05, 2009 at 10:50:39AM +0000, Darren J Moffat wrote:
> > Phi Tran wrote:
> > >I agree to the above if we tie read and write together, but I was 
> > >thinking about the case when we want separate read and write control.
> > >I was thinking the model could be that everyone on the console by 
> > >default would have read privilege for parted.  The write
> > >privilege could be controlled by the auth and be part of a separate
> > >profile.
> > 
> > I don't see why being on the console should be special for this, please 
> > explain the rationale.
> 
> I agree.  Given the use of RBAC we automatically get the ability to
> grant console users access to parted, if the sysadmin wants to (though I
> seriously doubt it).

It's also not necessary for "normal" single user machine
administration, at least on OpenSolaris.  The initial user there gets
added with the 'Primary Administrator' profile and 'root' role.

-- 
James Carlson, Solaris Networking              <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive        71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677
