On 9/13/07, Danek Duvall <danek.duvall at sun.com> wrote: > They're much like class > action scripts, except you can't deliver your own.
[contrived example, I don't really manage sudo like this] Suppose I use sudo in my environment because RBAC is not cross-platform and I want a package to deliver new sudo rules. Are you saying that there is no way for me to deliver (presumably with the sudo package) a module to the packaging system that knows how to add and remove sudo rules? This would seem to mean that my best bet for packages that in the old days would have modified sudoers, their only option now is to deliver a transient service that adds the rules on start and removes them on stop. Since I may have many such services delivered by various packages, I need to be very careful to have a locking mechanism that prevents race conditions. Of course, this assumes that a service that is delivered in a pkg is is automatically started after installation and automatically stopped before removal. > The set of recognized actions will obviously need to grow over time (at > first, certainly). A customer may need to upgrade the packaging system > before being able to perform some installs, much like live upgrade today > needs to be upgraded before anything else. There's room for the ability to > do that automatically. I do like the idea of saying "add a user" or "alter this rights profile". Sun or other distro maintainers shouldn't be the only once to define and deliver the recognized actions. -- Mike Gerdts http://mgerdts.blogspot.com/
