On Fri, Jun 13, 2008 at 11:05:04AM -0500, Nicolas Williams wrote:

> One possibility is to have a daemon that does authorization and all the
> work. So the pkg utilities talk to the daemon and the daemon checks that
> the euid of its callers has the right authorizations, and goes from
> there.
>
> SMF works this way.

How is this different from having pkg do the work itself?

> Such a daemon would have to run with privilege, but then you run into
> secure NFS (if an image is remote). Oops.

Yeah, I'm not sure I care too much about that case, and would be willing
to just let that fail.

> I think partial failure is something that can always happen unless you
> have a system with atomic transactions. Applications that manipulate
> lots of files as part of their transactions don't usually implement
> atomic transactions. (But with ZFS around...)

Well, what *is* the expected behavior on partial failure? What would
happen if you changed your user information and had write access to
/etc/passwd but not /etc/shadow? (I hope that's not too much of a
stretch.) It's true that you can only truly avoid the problem with
transactions, but what do you guys who live by and die by privileges and
profiles expect for a good citizen to do, generically, in this kind of a
situation?

Danek

_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
