2008/6/13 Michal Pryc <[EMAIL PROTECTED]>: > Shawn Walker wrote: >> http://cr.opensolaris.org/~migi/packagemanager-integration/src/cmd/gui/modules/userrights.py.html >> ============================== ... >> The check done here for Solaris doesn't seem right to me. The last >> time I asked a Sun engineer about how "permission checks" should be >> handled, I was told that an application should simply perform >> operations and fail gracefully. You shouldn't "check for permission" >> first before attempting. > > That seems wrong to me, how the app should know if the user have rights to > install/remove packages? This was the easiest way of doing this without > checking user profiles/roles. If the user doesn't have rights all the > buttons should be disabled. In the above example it is possible to determine > if the user have rights after performing operation such as > install/remove/update and then disabling buttons... ?
Here's a few quotes from Darren J Moffat here when this question came up for a pkg gui that John Hawk was writing: Darren Moffat wrote: > You REALLY REALLY REALLY REALLY don't want to test that the user has a > specifically named profile - not even pfexec (pfsh,etc) do that. It is > very likely that the user may have a differently named profile with the > required privileges/uid assigned to the command. Darren Moffat wrote: > Shawn Walker wrote: > > explicitly checked for the "Software Installation Profile" -- since > > I'm the ignorant person that suggested this to John, can you clarify > > how you can check for sufficient privileges? > > You shouldn't you should do the operation and if it fails with > permission denied you know you don't have permission. It isn't your job > as a userland application or library to check privileges that is the job > of the kernel. Don't try and second guess the kernel. Darren Moffat wrote: > Shawn Walker wrote: > > I was looking for a confident way to ensure "up-front" that a user has > > the necessary privileges without relying on the (incorrect) > > sledgehammer approach of requiring root. > > There isn't one and not even checking for uid=0 is correct. In short, Darren paints this as, "Look before you Leap" and believes it to be "quite anti Python style". So, I would urge you to remove this check. Cheers, -- Shawn Walker _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
