On 28/07/2010 04:58, Gary Winiger wrote:
This seems to me to be an incompatible change that doesn't
need to be made. If before this project, sys_config was
the privilege that allowed sharing, it should continue
to allow sharing. In addition sys_share should allow
sharing. I believe it was already determined that
sys_config cannot/should not/must not be granted to a NGZ.
While it is an incompatible change I believe it is perfectly acceptable
because the provider RBAC profiles we provide for sharing are still
"legacy" suser with uid=0 (ie all privs).
More importantly we don't document libshare or sharefs at all and the
share_nfs(1M), share(1M), sharemgr(1M) man pages (which are the only
supported interfaces for sharing filesystems) don't document which
privileges are required either. It is sharefs that makes the privilege
check against sys_config today.
So really this is currently an implementation detail of libshare and
sharefs today.
If the project wishes to make this incompatible change,
please justify it (and perhaps how it would be mitigated for
all existing users of sys_config to share).
The definition of sys_config provided by 'ppriv -lv sys_config' or the
privileges(5) man page don't document that sys_config is checked for
sharing NFS (or CIFS) filesystems.
There is a change in which privilege is checked but I think it is
perfectly acceptable and shouldn't be visible as an incompatible change
except to those people who have reverse engineered what privileges they
think share_nfs(1M) needs to have.
So the case gets my +1 as specified.
--
Darren J Moffat
_______________________________________________
opensolaris-arc mailing list
[email protected]
