Matthew Jacob writes: > Piping up..... > > > > > > It's unclear to me what sort of user would ever be invoking these > > things. Without a usage model, it's hard to speculate on the right > > profile to use, or even if there is one. > > > All sorts of users may want to use these utilities as Solaris doesn't > fully enumerate what devices are attached (esp. if there is no extant > driver for them). If you add the SANE scanner package, you need some > mechanism to find SCSI based scanners. If you want to access a media > changer that is otherwise not driven already via sgen usage, you would > use these utilities and mtx to manipulate the changer.
OK ... but does that same argument apply to *all* of the utilities? Are there users whom you'd grant access to one sort of (presumably safe) utility, but not to the others? It looks to me like a SCSI-3 grab-bag, which is what surprises me about the list, and the apparent application of a single profile. And are some of those things you're describing actually defects in other utilities, such as cfgadm? If so, then why not fix those utilities rather than telling users to run around on bare metal? > > As Gary has noted, it looks like the required permissions (euid==0) > > specified by the project team may be in excess of what's actually > > required to make these things work on Solaris, so that's another issue > > to resolve. > > > > > > *shrug* - this doesn't seem all that different than attaching random USB > dongles. It's the user's computer (if they have physical access to it) > to plug a device into. It's up to Solaris to pick a sensible permissions > model for the user to access their own devices. I don't think I understand that answer. We're talking about whether euid needs to be set to 0 in order for these utilities to work, or if some lesser level of privilege could be granted (such as setting egid) in order to get the same effect. How does that have anything to do with users inserting USB hardware? -- James Carlson, Solaris Networking <james.d.carlson at sun.com> Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
