I think that the best way to do that is just run
the
commands and make
sure they fail appropriately when they can't be
run
and have that
error reported back.,
If not, you will have two implementations of
essentially the same access
mechanism and they are bound to drift out of
Then add an option to pfexec that only checks if something should be
permitted, returns zero/non-zero, and writes not a message, but
a stable code that could be expanded to a message (so as to leave
localization up to whatever reads that code) to its stdout. That would
take care of things by