On Fri, Oct 09, 2009 at 11:44:02AM -0400, Anurag S. Maskey wrote: > changing permissions and group of flowadm.conf and flowprop.conf > > http://zhadum.east/export/ws/am223141/temp/nwam1-work/webrev/ > > Setting the permissions to 664 on datalink.conf, flowadm.conf and > flowprop.conf seems wrong. I haven't heard anything regarding why these > files have to be writeable by netadm group. I'm reverting code for > datalink.conf that set the mode to 664.
There's no specific need now; my thinking was that it's conceivable that there could be a need in the future (when nwam can do more elaborate link-related configuration), so we might as well do all the updates at once. But I'm not adamant about that, if others think we should hold off, that's fine. > Also, dlmgmtd needs to be run as netadm group, so it can create files > and directories as dladm:netadm. These changes are included. Good catch. > Finally, the IPS actions don't change the group of the dladm user to > netadm on image-update (bug 9755). I added code in net-nwam that > changes the group to netadm if not already. Given that net-nwam might run before the file system is writable, I'm not sure that solution/workaround works. Though I suppose on the first reboot after update, the phase 1 net-nwam doesn't run until after manifest-import, which might be enough of a delay; on the other hand, they're working on making manifest-import happen really early, aren't they? Not sure how close that is. In any case, this might be acceptable as a workaround for now, but I don't think we should include this in the final push. Other opinions? -renee
