Have you looked at how debian does this?
IIRC, they have a whole dir structure that deals with sites, configs and modules
that is managed with symlinks rather than editing config files...
It might be worth looking at, even if the end result is an informed "no
thanks"...
-John
Jyri Virkki
On 28 Feb 2008, at 19:00, Dan Hain wrote:
> Casper.Dik at Sun.COM wrote:
>>> The effective uid must be root to run the program. In addition,
>>> if the "-f" flag is specified, you really have to be root.
>> That is incorrect. (At least, it is bad for the program to
>> enforce this;
>> it MUST
Dan Hain wrote:
> Casper.Dik at Sun.COM wrote:
>>> The effective uid must be root to run the program. In addition, if the
>>> "-f" flag is specified, you really have to be root.
>>>
>>
>> That is incorrect. (At least, it is bad for the program to enforce this;
>> it MUST just attempt the sy
I am submitting this case on behalf of Ryan Scott with self-review
approval, for which I believe it qualifies. If anyone feels otherwise
I will promote this to a fast-track.
The project requests minor/patch binding.
thx,
-jg
--
xVM Hypervisor Remote Access (virtd)
=
I'm sponsoring this case for Cindy Eastham, even though she has yet to take
me to Hawaii. I believe it qualifies for self-review and am marking it
"closed approved automatic." I am happy to turn it into a fast track and
set the timer if anyone believes I've misjudged.
This case proposes to move
I am sponsoring this case for Seema Alevoor and closing it approved automatic.
Template Version: @(#)sac_nextcase 1.64 07/13/07 SMI
This information is Copyright 2008 Sun Microsystems
1. Introduction
1.1. Project/Component Working Name:
Apache 2.2 config samples directory structure
Thanks, following is a full ldd listing
/usr/lib/libX11.so.4
/usr/lib/libxkbfile.so.4
/usr/openwin/lib/libXau.so.6
/lib/libsocket.so.1
/lib/libnsl.so.1
/usr/openwin/lib/libXext.so.0
/lib/libmp.so.2
/lib/libmd.so.1
/lib/libscf.so.1
/lib/libuutil.so.1
/lib/libgen.so.1
/lib/libm.so.2
Regards,
Sure
On Thu, Feb 28, 2008 at 04:45:28PM -0800, Gary Winiger wrote:
> > The proposal is available in the case directory as proposal.txt, and the
> > mtr man page is in materials/mtr.8.
>
> Nit. Presumably this man page will be shipped as .1m and the
> see also will be correctly updated.
S
> The proposal is available in the case directory as proposal.txt, and the
> mtr man page is in materials/mtr.8.
Nit. Presumably this man page will be shipped as .1m and the
see also will be correctly updated.
Gary..
P.S.Don't blaim me for AT&T being different from UCB.
I am sponsoring this case for Javier Acosta and have marked it closed
approved
automatic. This imports an unmodified a standard tool from the X11R7
distribution of X.Org. Should anyone wish for this case to be converted
to a fasttrack for discussion and further review, please let me know.
This ca
On Thu, Feb 28, 2008 at 2:28 PM, James Carlson
wrote:
>
> We have a precedent. Things that are useful only for the system
> administrator go in /usr/sbin. Things that are useful for regular
> users go in /usr/bin.
>
> That precedent is documented on the filesystem(5) man page.
>
> It has n
This case was approved by PSARC on 2008/02/20.
Casper
Dan,
Dan Hain wrote:
> The man page appears to require substantial rework to correct issues and
> add example outputs. I'll start working on those.
Great. Are you in a position to feed your contributions back to the
author? While that's not exactly an architectural issue, the
documentation
Suresh Chandrasekharan wrote:
> Interfaces Imported:
>
> No significant interfaces imported.
This should at least list:
libxkbfile.so.5 ExternalLSARC 2004/576
It's in the same consolidation, so no contract is needed, but
External/Volatile interfaces should st
I don't believe anyone has an issue with the functionality this provides
more with the need for it to be installed setuid given that it isn't
privileges(5) bracketed like the existing /usr/sbin/ping. Yes nmap
isn't privileges(5) bracketed either but it isn't installed setuid.
--
Darren J Moffa
Template Version: @(#)onepager.txt 1.35 07/11/07 SMI
Copyright 2008 Sun Microsystems
1. Introduction
1.1. Project/Component Working Name:
libpqxx - Provide C++ API to PostgreSQL for Solaris and Opensolaris
1.2. Name of Document Author/Supplier:
Geir Green
1.3. Date o
James Carlson wrote:
> Nicolas Williams writes:
>> On Wed, Feb 27, 2008 at 05:41:21PM -0800, Scott Rotondo wrote:
>>> 2. If the program is only usable by a privileged user, might it belong
>>> in /usr/sbin instead of /usr/bin?
>> OT (Reply-To set):
>
> But ignored. ;-}
>
>> Waaa. I hope the AR
Template Version: @(#)sac_nextcase 1.64 07/13/07 SMI
This information is Copyright 2008 Sun Microsystems
1. Introduction
1.1. Project/Component Working Name:
setxkbmap
1.2. Name of Document Author/Supplier:
Author: Suresh Chandrasekharan
1.3 Date of This Document:
Daniel Hain writes:
> Doc Impact:
>
> New man page: fping.8 (see case directory)
This should be fping(1m) if fping goes into /usr/sbin (and I think it
should, to be consistent with ping(1M) which lives in /usr/sbin, too).
Rainer
--
--
John Zolnowsky x69422/408-404-5064 wrote:
>> John Zolnowsky x69422/408-404-5064 wrote:
>>> nfs services use a number of files in /etc/svc/volatile.
>>> Couldn't dlmgmtd use that directory?
>> That is actually what the original proposal the project team submitted said.
>
> Oh ...
>
> Couldn't the
Name: psycopg2: Python DBAPI 2.0 driver for PostgreSQL
Submitter: Staale Smedseng
Owner: James Gates
Interest:
X-Original-Status: closed approved fast-track 02/28/2008
Exposure: open
Comment:
John Fischer wrote:
> John,
>
> So I can 'mv /etc/passwd' and the whole system is messed up.
> Yes, I know an extreme example that is protected by permissions.
You need the permissions to rename files in /etc and yes: UNIX
allows you to do strange thing with strange results.
But UNIX at least
Dan Hain wrote:
> Sebastien Roy wrote:
>> seb-1:
>>
>> "Unlike ping(8) , fping is meant to be used in scripts and its
>> output is
>> easy to parse."
>>
>> If it's meant to be used in scripts, then why is the output format
>> "Not an Interface"?
> Ok, it's an Interface. Should I includ
>I think we need to stop and consider if fping is even appropriate. The
>OpenSolaris ping has been properly privilege bracketed and a lot of work
>has been done on securing it as it is a setuid root program.
>
>Rather than integrating fping shouldn't we instead consider adding the
>additional
On 02/28/08 11:32, Darren J Moffat wrote:
> Gary Winiger wrote:
1. Of course, you really mean that it requires sufficient privilege
to use a raw socket. Please confirm that there will be no geteuid()
== 0 check in the code.
>>> Yes, it requires sufficient privilege to use a raw socke
Darren J Moffat wrote:
> Joerg Schilling wrote:
> > That is the reason for trying to use a generic name for a utility that
> > only works with a limited subset of SCSI devices?
>
> The goal of the project is to allow this to be used by things other than
> SCSI.
Maybe I did missuundertand parts
>The effective uid must be root to run the program. In addition, if the
>"-f" flag is specified, you really have to be root.
That is incorrect. (At least, it is bad for the program to enforce this;
it MUST just attempt the system calls and have those fail or verify
privileges but that is a
Danek Duvall wrote:
> On Thu, Feb 28, 2008 at 12:20:11AM +0100, Roy Lyseng wrote:
>
Another issue: it is probably too late to do something about this now,
but does there exist a "best practice" document on how to use the
/usr/lib/isaexec to pick a 32/64 bit executable based on a
Gary Winiger wrote:
>>> 1. Of course, you really mean that it requires sufficient privilege to
>>> use a raw socket. Please confirm that there will be no geteuid() == 0
>>> check in the code.
>> Yes, it requires sufficient privilege to use a raw socket. The actual
>> line is "if( geteuid() )",
I'm sponsoring this case for myself. The case qualifies for patch binding,
though I'm not planning on integrating it into an update.
The proposal is available in the case directory as proposal.txt, and the
mtr man page is in materials/mtr.8.
Danek
===
On Thu, Feb 28, 2008 at 08:31:55AM -0500, James Carlson wrote:
> However, the previous poster was asserting that there's no precedent
> here, or at least that the ARC needs to set precedent, and that's
> incorrect. There's clear precedent -- whether we choose to follow it
> correctly or not.
And
On Thu, Feb 28, 2008 at 07:28:31AM -0500, James Carlson wrote:
> It has nothing to do with privilege or risk. The only question to
> answer here (for this issue) is whether fping is useful for ordinary
> users. If it's not, then /usr/sbin would be the right answer.
Oh hell yes ping and fping are
Sebastien Roy wrote:
> Dan Hain wrote:
>> Sebastien Roy wrote:
>>> seb-1:
>>>
>>> "Unlike ping(8) , fping is meant to be used in scripts and its
>>> output is
>>> easy to parse."
>>>
>>> If it's meant to be used in scripts, then why is the output format
>>> "Not an Interface"?
>> Ok, it
On Wed, Feb 27, 2008 at 05:06:45PM -0800, Liane Praza wrote:
> Nicolas Williams wrote:
> > I guess we still have time, before degraded is actually implemented, to
> > resolve the shared configuration issue. Or you could have another svcs
> > option to control whether degraded -> error.
>
> svcs -
On Thu, Feb 28, 2008 at 09:18:21AM +, Darren Kenny wrote:
> Nicolas Williams wrote:
> > On Wed, Feb 27, 2008 at 08:23:00PM -0800, John Plocher wrote:
> >> Hugh McIntyre wrote:
> >>> But on the other hand, I'm fairly sure that it I type "mv Music
> >>> Music.old" on MacOS, the desktop does not
rubbed...
URL:
<http://mail.opensolaris.org/pipermail/opensolaris-arc/attachments/20080228/23321c1c/attachment.html>
Casper.Dik at Sun.COM wrote:
>> The effective uid must be root to run the program. In addition, if the
>> "-f" flag is specified, you really have to be root.
>>
>
>
> That is incorrect. (At least, it is bad for the program to enforce this;
> it MUST just attempt the system calls and have th
recorded.
WEDNESDAY, March 5th 2008
10:00-10:10 Open Fast-tracks
-- next part --
An HTML attachment was scrubbed...
URL:
<http://mail.opensolaris.org/pipermail/opensolaris-arc/attachments/20080228/26d0fdb9/attachment.html>
recorded.
March 4th, 2008 -- NO MEETING
-- next part --
An HTML attachment was scrubbed...
URL:
<http://mail.opensolaris.org/pipermail/opensolaris-arc/attachments/20080228/0b946274/attachment.html>
On 02/27/08 23:05, Liane Praza wrote:
> + If the optional -q is provided in the fourth form, the command
> + produces no human-readable text and simply returns an error
> + code indicative of the existence of degraded services. With
> + this flag, an error code of 3 indicates serv
I need to make a correction on my original statement.
As I see it right now the main issue is the inconsistency between mv and
nautilus - I've done a scan of the nautilus code to see exactly how it's doing
things and it turns out that the code that handles this is actually implemented
in form a fi
ces exist which are enabled, but not
> running.", rather than referring explicitly to maintenance.
That would be fine; the important thing is that svcs -xq returning zero
definitively means "everything is well".
Ceri
--
That must be wonderful! I don't understand it at all.
Scott Rotondo wrote:
> Dan Hain wrote:
>
>>
>> The effective uid must be root to run the program. In addition, if
>> the "-f" flag is specified, you really have to be root.
>
> The code must change so that effective uid 0 is not required.
Ok.
>
> BTW, what is special about the -f option that requ
Nicolas Williams wrote:
> On Wed, Feb 27, 2008 at 05:06:45PM -0800, Liane Praza wrote:
>> Nicolas Williams wrote:
>>> I guess we still have time, before degraded is actually implemented, to
>>> resolve the shared configuration issue. Or you could have another svcs
>>> option to control whether deg
Nicolas Williams wrote:
> On Wed, Feb 27, 2008 at 08:23:00PM -0800, John Plocher wrote:
>> Hugh McIntyre wrote:
>>> But on the other hand, I'm fairly sure that it I type "mv Music
>>> Music.old" on MacOS, the desktop does not track this and instead creates
>>> a new Music directory next time I fi
On Thu, Feb 28, 2008 at 11:29:41AM +0100, Roy Lyseng wrote:
> Yepp. But I wonder why there is no man page for isaexec(1m) ;)
Dunno. Looks like it was introduced in PSARC/1997/220, but not explicitly
exported in the interface table (only isaexec(3c) was). Might be worth
filing a bug to get a sim
Darren J Moffat writes:
> I don't believe anyone has an issue with the functionality this provides
> more with the need for it to be installed setuid given that it isn't
> privileges(5) bracketed like the existing /usr/sbin/ping. Yes nmap
> isn't privileges(5) bracketed either but it isn't inst
Dan Hain wrote:
> Sebastien Roy wrote:
>> A couple of comments regarding the man page:
>>
>> seb-1:
>>
>> "Unlike ping(8) , fping is meant to be used in scripts and its
>> output is
>> easy to parse."
>>
>> If it's meant to be used in scripts, then why is the output format
>> "Not an In
Cyril Plisko writes:
> On Thu, Feb 28, 2008 at 2:28 PM, James Carlson
> wrote:
> > It has nothing to do with privilege or risk. The only question to
> > answer here (for this issue) is whether fping is useful for ordinary
> > users. If it's not, then /usr/sbin would be the right answer.
> >
Glenn Brunette writes:
> James Carlson wrote:
> > As for the privilege check, the reason the code does this is not that
> > what it's doing requires special privilege (though it does). The
> > reason is that the utility itself is mostly evil. Most users
> > generally don't want people scanning su
James Carlson wrote:
> As for the privilege check, the reason the code does this is not that
> what it's doing requires special privilege (though it does). The
> reason is that the utility itself is mostly evil. Most users
> generally don't want people scanning subnets at high rates, looking
> fo
Darren Kenny wrote:
> I need to make a correction on my original statement.
>
> As I see it right now the main issue is the inconsistency between mv and
> nautilus - I've done a scan of the nautilus code to see exactly how it's doing
> things and it turns out that the code that handles this is act
Nicolas Williams writes:
> On Wed, Feb 27, 2008 at 05:41:21PM -0800, Scott Rotondo wrote:
> > 2. If the program is only usable by a privileged user, might it belong
> > in /usr/sbin instead of /usr/bin?
>
> OT (Reply-To set):
But ignored. ;-}
> Waaa. I hope the ARC gets around to setting a pr
Bart Smaalders wrote:
> Cathy Zhou wrote:
>
>>> Note that I'm not suggesting the door file be packaged - it shouldn't
>>> be it is a Project Private communication channel.
>>>
>> It it is not packaged, then there is the problem that we are not be
>> able to create the door file under /etc/dladm
LSARC:
As some of you may be aware, the GDM display manager is undergoing a
rewrite.
http://live.gnome.org/GDM/NewDesign
In many regards, this rewrite is long-overdue. The design of GDM has
not changed significantly in over 5 years, and the new rewrite is
making use of newer and better desi
Nicolas Williams wrote:
> On Wed, Feb 27, 2008 at 08:22:04PM -0800, Dan Hain (Work) wrote:
>> Yes, it requires sufficient privilege to use a raw socket. The actual
>> line is "if( geteuid() )", so it's not good. The goal was to minimize
>> the changes to the open source, however if that is not
Dan Hain wrote:
>
> The effective uid must be root to run the program. In addition, if the
> "-f" flag is specified, you really have to be root.
The code must change so that effective uid 0 is not required.
BTW, what is special about the -f option that requires root?
Scott
Dan Hain (Work) wrote:
>>
>> 2. If the program is only usable by a privileged user, might it belong
>> in /usr/sbin instead of /usr/bin?
> I think that is more appropriate.
Another possibility, which I'm not necessarily endorsing, would be to
make this a setuid root program (which immediately d
On Wed, Feb 27, 2008 at 08:22:04PM -0800, Dan Hain (Work) wrote:
> Yes, it requires sufficient privilege to use a raw socket. The actual
> line is "if( geteuid() )", so it's not good. The goal was to minimize
> the changes to the open source, however if that is not an option here I
> can make
Danek Duvall wrote:
>>> 2) Acceptance of the Drtace probes
>> A review request was sent to dtrace-discuss late yesterday. Can we give
>> it a 2-day "timeout" (unless there are significant comments)?
>
> Seems fair, but do make sure they know it's a short timeout.
Will do.
>
>> Another issue
John Plocher wrote:
> So, I tried this on my mac.
>
> plocher at wp668.local> mv Music MMusic
> mv: rename Music to MMusic: Permission denied
>
> in Finder, I get a popup that says
> "Music" can't be modified or deleted because it is required by Mac OS X
Interesting. But maybe not as bulletpr
61 matches
Mail list logo
