On Sat, May 31, 2008 at 9:18 AM, David Magda <[EMAIL PROTECTED]> wrote: > > On May 31, 2008, at 06:03, Joerg Schilling wrote: > >> The other method works as root if you use -atime (see man page) and is >> available since 13 years. > > Would it be possible to assign an RBAC role to a regular user to > accomplish this? If so, would you know which one?
You can use "ppriv -D -e star ..." to figure out which privileges you lack to be able to reset the atime. I suspect that in order to perform backups (and reset atime), you would need to have file_dac_read and file_dac_write. A backup program that has those privileges has everything they need to gain full root access. I wish that there was a flag to open(2) to say not to update the atime and that there was a privilege that could be granted to allow this flag without granting file_dac_write. -- Mike Gerdts http://mgerdts.blogspot.com/ _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
