>Then add an option to pfexec that only checks if something should be
>permitted, returns zero/non-zero, and writes not a message, but
>a stable code that could be expanded to a message (so as to leave
>localization up to whatever reads that code) to its stdout.  That would
>take care of things by doing everything but exec'ing the command, and
>by adding a code separate from the return code (which really shouldn't
>be more than zero/non-zero if I understand correctly) to provide further
>detail as to the error.  Might as well create a library routine that
>takes care of calling that via popen() or whatever, too, allowing reasonably
>easy pre-validation, consistent with the actual checks, and with 
>program-readable failure details.
>
>Or at any rate, whether it's implemented like that or some other way, IMO
>the RBAC framework itself ought to provide something with that sort of
>functionality.

Absolutely.

But "pfexec" itself has no knowledge of the permissibility of the
commands either.  (It just knows whether or not a certain application
can be executed with additional privileges; not whether it can be
executed at all; it also does not know whether a specific application
has a builtin authorization check; pfexec then becomes irrelevant, etc.)

This is a difficult nut to crack and perhaps there will, in the end,
be no other option than to look at the RBAC database or invent some
policy description language which is used for both GUI and RBAC.

Casper
_______________________________________________
opensolaris-discuss mailing list