Scott Rotondo wrote: > I fully support the changes described here, but I have a couple of > comments/questions about minor details. > > 1. The man page should document the specific authorizations needed, just > as it used to document the specific privilege. It's fine to mention that > the Maintenance and Repair profile provides these authorizations, but > they could be provided by other profiles also. [In other words, the > authorization name is the real interface, not the profile name.] > >> Multiple -e and -d options can be specified on >> - the command line. Only users with the sys_admin >> - privilege can use this option. >> + the command line. Only users and roles belonging >> + to the "Maintenance and Repair" RBAC profile can >> + use this option. > > Suggest: Only users and roles with the solaris.smf.manage.coreadm and > solaris.smf.value.coreadm authorizations can use this option.
When researching the case, I was advised to look at the dladm man page. It takes the approach of documenting the necessary profile. I'm not wedded to either approach, though I have to say that the profile has the appeal of being an interface that can be more easily maintained in the face of implementation changes. i.e. if the previously documented mechanism actually worked, I would have been more concerned about changing coreadm from requiring privileges to requiring authorizations. If it had been documented in terms of the profile, there would be no cause for concern regardless of the change. Given this, the precedent set by dladm, and that in the common case coreadm users should just be using the provided profile (i.e. referring first to the profile makes the man page more useful documentation), would it instead be acceptable to document the authorizations in an auxiliary section (e.g. NOTES) leaving the profile as the "primary" documented interface? > 2. The text below may imply more than you intended: > >> + /var/cores >> + >> + Default depository for core files. >> + >> + > > It appears that this case creates the /var/cores directory but doesn't > change the default core file pattern to put core files there. Unless > I've overlooked that part of the proposal, the wording used at the end > of the man page is probably better: "Directory provided for global core > file storage" Good idea. Dave
