On 06/24/11 13:18, James Carlson wrote:
Darren J Moffat wrote:
In some deployments it would be useful to have administrators that
can install only "blessed" software and updates but not to be able
to install any arbitrary software (say setuid binaries or config files
that give them more rights). In some use cases a linked image would be
appropriate for this but in others it is the system image we want to
update.
For example allowing DBAs to update the database binaries without
requiring an OS administrator. Or allowing a class of administrator
that is allowed to apply OS vendor patches/updates but not to change the
system configuration.
Those sound like very good goals to me. The proposal described doesn't
seem to allow that degree of separation, though. Is discrimination
based on package category (DB versus OS) or rather administrative
authority something that would be added later?
If we really want that strict separation then one possible way to do it
with pkg is to have separate images for the DB and the OS. If the DB
needs to depend on OS packages then it might be possible to use linked
images. Here the DB would be a "user" or "partial" image not the
"system image".
We could then consider using the object part of the authorisation
(similar to how it is used in zone delegation) to indicate the image.
That way people who are DB installation admins get solaris.pkg.*/dbimage
and people who are OS admins get solaris.pkg.*/system. I don't think
we have a naming scheme for images as yet.
In this case if a DB needs an updated OS package the OS admin has to do
his job first.
I'd rather leave that until linked images and user images have developed
a bit more. I think the original proposal provides enough value on its
own and it is mostly targeted at the system image anyway.
--
Darren J Moffat
_______________________________________________
security-discuss mailing list
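The per-image authorisation idea in the message above, sketched as an added example that is not part of the original post and is not Solaris or pkg code. It is a toy matcher for grants of the form name/object; the leaf name solaris.pkg.install and the rule that a grant without an object part covers every image are assumptions made for illustration.

```python
# Toy model of object-qualified authorisations; not Solaris's chkauthattr().
# Grant syntax assumed here: "<name>[/<object>]", where <name> may end in
# ".*" to cover every authorisation under that prefix.

def split_auth(auth):
    """Split 'name/object' into (name, object); object is None if absent."""
    name, sep, obj = auth.partition("/")
    if not name or (sep and not obj):
        raise ValueError(f"malformed authorisation: {auth!r}")
    return name, (obj if sep else None)

def name_matches(granted, wanted):
    """Exact match, or prefix match when the grant ends in '.*'."""
    if granted.endswith(".*"):
        return wanted.startswith(granted[:-1])  # keep the trailing dot
    return granted == wanted

def is_authorised(grants, wanted_name, image):
    """True if any grant covers wanted_name on the named image.

    Assumption: a grant with no object part applies to every image.
    Anything that no grant matches is denied.
    """
    for grant in grants:
        g_name, g_obj = split_auth(grant)
        if name_matches(g_name, wanted_name) and g_obj in (None, image):
            return True
    return False

# Constructed sample data. The image names come from the message; the leaf
# name "solaris.pkg.install" is hypothetical.
DB_ADMIN = ["solaris.pkg.*/dbimage"]
OS_ADMIN = ["solaris.pkg.*/system"]

def demo():
    """Evaluate the four admin/image combinations discussed in the thread."""
    op = "solaris.pkg.install"
    return {
        "db admin, dbimage": is_authorised(DB_ADMIN, op, "dbimage"),
        "db admin, system": is_authorised(DB_ADMIN, op, "system"),
        "os admin, system": is_authorised(OS_ADMIN, op, "system"),
        "os admin, dbimage": is_authorised(OS_ADMIN, op, "dbimage"),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allow' if allowed else 'deny'}")
```
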