On 5/11/07, Darren J Moffat <[EMAIL PROTECTED]> wrote:
Peter Tribble wrote:
> On 5/11/07, Richard L. Hamilton <[EMAIL PROTECTED]> wrote:
>>
>> Are there Java equivalents to enough of the priv_*(3c) and *(3secdb)
>> functions for a Java based GUI to be able to determine whether a user
>> would be able via pfexec to do what they wanted to?
>
> Not that I know of. It wouldn't be a bad idea to have a supported
> interface, as it would be very useful in other contexts. (For example,
> in jkstat and solview, it would be nice to know whether I have the
> appropriate privileges to run dtrace so I know whether it's worth
> launching chime. )
There are libsecdb interfaces in Java but they unfortunately aren't part
of a consolidation of Solaris that is open. They are inside the
implementation of smc(1M).
Shame we can't reuse that, but mention of smc (here, and John Brewer
mentioned it as well) is interesting. Are we just reimplementing smc?
I don't see that as a problem, btw.
As for manipulating privilege inside a Java application, you have to
remember that the JVM is a whole platform running in a single process
and threads in the JVM might represent different applications (think
J2EE) and when you change privileges it happens at the process layer.
I wasn't thinking about manipulating privileges (I've seen a java app
try that trick - it "worked" by accident under Linux Threads...), but
just knowing what privileges I already had so I could offer appropriate
behaviour.
--
-Peter Tribble
http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/
_______________________________________________
opensolaris-discuss mailing list
[email protected]
