On Fri, 2009-10-09 at 12:05 -0700, Renee Danson Sommerfeld wrote: > On Fri, Oct 09, 2009 at 02:19:35PM -0400, Anurag S. Maskey wrote: > > Renee Danson Sommerfeld wrote: > > Wouldn't these changes to the link go through the dlmgmtd daemon, > > instead of nwam writing to the file directly? > > Possibly; I suppose a flaw in my logic is that we don't know exactly > what we "might" want to do, so it's hard to say what we'll need. > > When we create keys, we use libdladm functions, and (I believe) we > (and by we I mean the user which nwamd is running as) need to have > both the correct authorizations and write access to the file.
Right, libdladm functions write directly to /etc/dladm/secobj.conf. > If/when we make link config changes in the future, presumably we'll be > using libdladm interfaces as well; but I don't know if those changes > are performed via dlmgmtd or not. If they are, then I think we only > need appropriate authorizations. If not, we'll need to have file write > access. Nothing should be reading nor writing from /etc/dladm/datalink.conf other than the dlmgmtd daemon which runs as user dladm. > Given that we aren't sure yet what we'll need to do, I guess we should > avoid making unneeded file mode changes. So we should only change mode > of secobj.conf. I would agree. -Seb
