Rick Matthews writes: > I'm interested in this from a far more general position. It didn't > seem to me that > the sg3 utilities did any more than access the device via its name in > the file system. > Access to this device shouldn't need to be controlled by the utility, as > any program > can also attempt to open the device, and send the appropriate commands > to get the actions > desired. If that is the case, isn't the permissions to access the device > provided by Solaris > adequate? If that is not the case, I'll continue watching this thread > with interest.
The issue isn't with the utilities themselves -- they don't (and certainly should not) check anything about permissions; the drivers must do that. The issue is about what minimal privileges need to be granted to the utilities in order to make them work, and what profile (if any) should have them in it. It's unclear to me what sort of user would ever be invoking these things. Without a usage model, it's hard to speculate on the right profile to use, or even if there is one. As Gary has noted, it looks like the required permissions (euid==0) specified by the project team may be in excess of what's actually required to make these things work on Solaris, so that's another issue to resolve. -- James Carlson, Solaris Networking <james.d.carlson at sun.com> Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
