Shawn Walker wrote: > On Fri, Mar 28, 2008 at 11:40 AM, Tim Knitter <[EMAIL PROTECTED]> wrote: >> >> Tom, >> >> >> > Tim, >> > A few questions/comments: >> > >> > 1. How will this work for user images being manipulated by non-root users? >> > >> >> It won't since only root can manage Boot Environments. I'll have to add >> an uid check and skip the recovery stuff for user images. > > If I might interject, why a uid check? >
EOU. > Can't users with a uid other than zero technically perform these > operations with sufficient privileges? > Sure using pfexec or an assigned role via rbac. > The last time I asked another Sun engineer about this, he said the > correct way to deal with these operations was to attempt them, and if > they fail with a permissions error, you know you can't do it :-) > Well if we went that route currently libbe would spit out a permission denied message for the following operation: line1-x2100% pkg -R /export/home/utest install [EMAIL PROTECTED] be_create_snapshot: recursive snapshot of rpool/ROOT/[EMAIL PROTECTED]::2008-03-28-16:29:03 failed: permission denied pkg: unable to create auto snapshot. Which is ok however in this case it would probably produce a lot of support noise and confusion since the recovery feature is secondary to the success/failure of the pkg operation. Tim _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
