Bart Smaalders wrote: > James Carlson wrote: >> Matthew Jacob writes: >>> I'm playing dumb user in this paragraph. If I, as a user of OpenSolaris >>> (which seems to be tuned towards user/developers, not restricted >>> users), plug in a device to my machine, I expect reasonable permissions >>> *or* automated to tools to use that device. Therefore, whatever >>> permissions framework allows me to use this package of tools seems >>> reasonable to expect.<br> >> >> We're talking about privileges granted to a process, not how >> permissions on a device are set. They're different issues. >> > > Perhaps one of the issues is that we don't seem to have a good profile > for a essentially single user machine such as a workstation or laptop... Yes, that would certainly help.
It should be obvious that these are device administrator utilities, it's not unreasonable to have them all operate under one profile. If the members don't like the name of the profile that fits what is required, the team can make a new profile with the same permissions and a different name. As xiao said: All of these commands need to open the device tree files with read and write permission. The device tree files are by design of solaris owned by root, the following is an example: # ls -l /devices/pci at 0,0/pci1022,7458 at 1/pci11ab,11ab at 1/disk at 1,0:q,raw crw-r----- 1 root sys 27, 464 Nov 13 10:52 /devices/pci at 0,0/pci1022,7458 at 1/pci11ab,11ab at 1/disk at 1,0:q,raw So there really are no "read-only" (with respect to the device files) uses here. However, they may just read the actual SCSI device by sending read commands (requiring a write to the device). Since this is a familiarity case we need to be conscious of what the user experience is like on Linux and map that as appropriate to how Solaris works. -- mark
