>> >> >> It's not specific to the packaging system. Users >> >> with the >> >> Software Installation profile can run pkgadd/pkgrm >> >> via pfexec, >> >> no root access needed. >> > >> >Are there Java equivalents to enough of the >> priv_*(3c) and *(3secdb) >> >functions for a Java based GUI to be able to >> determine whether a user >> >would be able via pfexec to do what they wanted to? >> >> >> I think that the best way to do that is just run the >> commands and make >> sure they fail appropriately when they can't be run >> and have that >> error reported back., >> >> If not, you will have two implementations of >> essentially the same access >> mechanism and they are bound to drift out of sync >> over time. >> >> Casper > >I can think of three reasons why a GUI could do a better job if it knew in >advance what was likely to be allowed: > >* it could alter the view it presented to only show allowed functionality (or >at least gray out > that which was not allowed) > >* it could provide better indications of failure due to privileges; even if it >detected > return codes and captured stderr for possible display, doing things like > parsing that > captured output to provide detailed help would be even more likely to break > >* it might sometimes be faster/more efficient to detect in advance what would >fail than > to actually try and then have it fail.
Yes, but would it be worth the bugs? It is only sensible to implement it this way if there was only a single implementation used by both GUI and actual implementation. If not, then coding this in the GUI makes no sense at all as even when it is done flawlessly today (it won't) the code will be wrong tomorrow. Casper _______________________________________________ opensolaris-discuss mailing list [email protected]
