Hello,

here is my attempt to modify cgconfigparser to (optionally) set default
permissions and owners of groups/files, which do not have 'perm{}'
section in a config file. The permissions include also a sticky bit for systemd.

There are two ways to do it:

1) user can optionally add new 'default {}' section to a config file. All groups
in the config file will then inherit permissions from the 'default {}', unless
specific permissions are set in group's 'perm {}' section.

This method simplifies writing of config files with non-standard group owners or
permissions - user specifies it only once in 'default {}' section and does not
need to repeat 'perm {}' in each group.

See examples in Patch 5/10.

2) user can set default permissions on cgconfigparser's command line using new
-t, -f, -a and -d options, just as in cgcreate. These permissions can be
overridden by 'default {}' section in parsed config file or 'perm {}' section of
a group.

This way is suitable for distro-specific policy, e.g. sticky bit can be added
to all groups created by cgconfig service.


As a result, in Fedora's init script (or unit file), I'll set the sticky bit by
default. An admin can override it in its cgconfig.conf file using 'default {}'
section or in 'perm {}' section of a group, which should be with different
permissions.

Still on the TODO list:
 - write a unit file
 - write documentation for that - something like README.systemd, where
   integration would be described.
 - update cgconfig.conf man page with default {} description and examples.

Jan

_______________________________________________
Libcg-devel mailing list
Libcg-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libcg-devel