Nicolas Williams wrote:
> On Thu, Mar 05, 2009 at 10:50:39AM +0000, Darren J Moffat wrote:
>
>> Phi Tran wrote:
>>
>>> I agree to the above if we tie read and write together, but I was
>>> thinking about the case when we want separate read and write control.
>>> I was thinking the model could be that everyone on the console by
>>> default would have read privilege for parted. The write
>>> privilege could be controlled by the auth and be part of a separate
>>> profile.
>>>
>> I don't see why being on the console should be special for this, please
>> explain the rationale.
>>
>
> I agree. Given the use of RBAC we automatically get the ability to
> grant console users access to parted, if the sysadmin wants to (though I
> seriously doubt it).
>

Me too. I can't imagine any sane system administrator wanting to delegate the privilege to manage partition tables to anyone who doesn't also have Primary Administrator privileges.

I was originally opposed to having the exec_attr entry just for this reason... but I'm OK with the idea of adding it since format is already there.

-- Garrett