On Wed, Nov 23, 2011 at 7:00 PM, Jan Safranek <jsafr...@redhat.com> wrote:
>
> Hello,
>
> here is my attempt to modify cgconfigparser to (optionally) set default
> permissions and owners of groups/files, which do not have 'perm{}'
> section in a config file. The permissions include also a sticky bit for
> systemd.
>
> There are two ways to do it:
>
> 1) user can optionally add new 'default {}' section to a config file. All
> groups
> in the config file will then inherit permissions from the 'default {}', unless
> specific permissions are set in group's 'perm {}' section.
>
> This method simplifies writing of config files with non-standard group owners
> or
> permissions - user specifies it only once in 'default {}' section and does not
> need to repeat 'perm {}' in each group.
>
> See examples in Patch 5/10.
>
I like the default idea, in fact we've wanted to do defaults for a
long time. We would love to inherit defaults from this group.
>
> 2) user can set default permissions on cgconfigparser's command line using new
> -t, -f, -a and -d options, just as in cgcreate. These permissions can be
> overriden by 'default {}' section in parsed config file or 'perm {}' section
> of
> a group.
>
> This way is suitable for distro-specific policy, e.g. sticky bit can be added
> to all groups created by cgconfig service.
>
>
Balbir Singh
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Libcg-devel mailing list
Libcg-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libcg-devel
