On Mon, Jan 04, 2010 at 03:58:43PM -0800, Jordan Brown wrote:
> Here are a couple of the issues that were raised last time:
>
> - How do per-user cron jobs interact with such a framework?
>
> - How is the legacy (/var/spool/cron/*, /bin/crontab) integrated with the
> new mechanism?
>
> I'd say that the answers are, at least for now, "they don't" and "it
> isn't". "System"[*] cron jobs could use the new framework, and legacy cron
> jobs would continue to operate as they currently do.
I think that's right.
> [*] When I say "system" here I mean something like "tied to
> installed software rather than to real humans". I don't mean
> to imply that it would only apply to root (since SMF manifests
> can specify that a service runs as any specific user) or that
> it would apply only to Solaris-supplied jobs (since 3rd parties
> can deliver SMF manifests).
>
> The relationship between SMF-style cron jobs and legacy cron jobs would be
> similar to the relationship between SMF-style services and /etc/rc*.d/* and
> the relationship between SMF-style network listeners and /etc/inetd.conf.
inetd.conf is a bad example (since its content gets migrated
automatically).
> It might be desirable to come up with semantics for per-user services, and
> if we ever did then that would help to further move away from the cron
> legacy, but I think it would be a mistake to consider such an expansion to
> be a prerequisite for this initial transition.
Agreed, but don't paint yourself into any corners.
Users could interact, basically by using svccfg. You'd have a service
name pattern that corresponds to users, say,
svc:/system/scheduled/users/<username>/<job-name>
but you'd need a way to delegate authorization to them, and to enforce
the method_context of such services to match the user's -- probably just
forcing the restarter to be the new cron should do to force the method
context, since that could then enforce the method_context via pam(3PAM)/
pam_unix_cred(5). In fact, the restarter should very much use PAM to
setup most of the method context for user jobs. But this could come all
later.
Nico
--
