Sebastien Roy wrote:
> On Mon, 2009-03-02 at 15:44 -0800, Mark Logan wrote:
>> Sebastien Roy wrote: 
>>> On Mon, 2009-03-02 at 14:38 -0800, Phi Tran wrote:
>>>   
>>>> The following RBAC authorizations and profile will be added.
>>>>
>>>> Authorization Names:
>>>> solaris.admin.parted.:::Partition Editor::help=AuthPartedHeader.html
>>>> solaris.admin.parted.write:::Edit Partitions::help=AuthPartedWrite.html
>>>>     
>>> Is there a technical reason why reading partition information would
>>> require a special authorization?
>>>   
>> Parted needs permission to access the raw disk device.
> 
> Okay, and how is this authorization related to having permission to
> access the raw device?  Is there an exec_attr entry for parted under the
> new "Edit Partitions" profile that includes the actual privilege
> required to access raw disk devices?

Yes, file_dac_read and sys_devices are needed.  The write authorization
will be needed for editing.

Phi

> 
> In any case, +1 from me, my questions are quite minor.
> 
> Thanks,
> -Seb
> 
> 
> 

