It seems more effort has been put into arguing why not to do a simple RBAC profile for these commands than it would have actually taken to do it.

If the project team doesn't actually know what privilege the commands need to run then I'd say the architecture isn't ready for review. Just saying that they all might need to run with euid=0 isn't good enough in my opinion - particularly given how dangerous some of these commands can be. We aren't asking for anything really complex; we aren't even asking for a single line of code change. Given that all of these commands need to actually be tested to work before integration, all that needs to be done is work out what privileges they need when their functionality testing is being done. The ppriv command with -D should be enough here. I believe the project team has already done some if not all of this.

On the other hand I think Jim and Casper may have a good point here that because these commands are so possibly dangerous we wouldn't actually want to hand them out to someone via an RBAC profile because what can be done with them could be essentially equivalent to handing out all privs and uid=0 anyway. If that is the case then I'll agree no RBAC profile for these is necessary - but might still be nice to have.

I'm not going to hold up this case any further. I'm getting to the point where I think that ARC review is useless given all the push back we get from project teams about doing anything with respect to the ARC best practices.

--
Darren J Moffat
