On 7/28/10 2:26 AM, Darren J Moffat wrote:
On 28/07/2010 04:58, Gary Winiger wrote:
This seems to me to be an incompatible change that doesn't
need to be made. If before this project, sys_config was
the privilege that allowed sharing, it should continue
to allow sharing. In addition sys_share should allow
sharing. I believe it was already determined that
sys_config cannot/should not/must not be granted to a NGZ.
While it is an incompatible change I believe it is perfectly acceptable
because the provider RBAC profiles we provide for sharing are still
"legacy" suser with uid=0 (ie all privs).
That's a fine justification for the legacy. "It can be
incompatible because it was never exposed."
There is a change in which privilege is checked but I think it is
perfectly acceptable and shouldn't be visible as an incompatible change
except to those people who have reverse engineered what privileges they
think share_nfs(1M) needs to have.
So the case gets my +1 as specified.
Agreed.
+1.
Gary..
_______________________________________________
opensolaris-arc mailing list
opensolaris-arc@opensolaris.org
