On Fri, Mar 28, 2008 at 12:53 PM, Tim Knitter <[EMAIL PROTECTED]> wrote: > > > Shawn Walker wrote: > > On Fri, Mar 28, 2008 at 11:40 AM, Tim Knitter <[EMAIL PROTECTED]> wrote: > >> > >> Tom, > >> > >> > >> > Tim, > >> > A few questions/comments: > >> > > >> > 1. How will this work for user images being manipulated by non-root > users? > >> > > >> > >> It won't since only root can manage Boot Environments. I'll have to add > >> an uid check and skip the recovery stuff for user images. > > > > If I might interject, why a uid check? > > > > EOU. > > > > Can't users with a uid other than zero technically perform these > > operations with sufficient privileges? > > > > Sure using pfexec or an assigned role via rbac. > > > > The last time I asked another Sun engineer about this, he said the > > correct way to deal with these operations was to attempt them, and if > > they fail with a permissions error, you know you can't do it :-) > > > > Well if we went that route currently libbe would spit out a permission > denied message for the following operation: > > line1-x2100% pkg -R /export/home/utest install [EMAIL PROTECTED] > be_create_snapshot: recursive snapshot of > rpool/ROOT/[EMAIL PROTECTED]::2008-03-28-16:29:03 failed: permission denied > pkg: unable to create auto snapshot. > > Which is ok however in this case it would probably produce a lot of > support noise and confusion since the recovery feature is secondary to > the success/failure of the pkg operation.
I just want to be clear that I wasn't implying that a permsisions *check* should be done. Rather, that you should attempt the operation, and if you can't do it, fail just as you normally would. It should be clear that it failed because of permissions though. That, from what I understand, is what was suggested to me by the other Sun engineer. -- Shawn Walker, Software and Systems Analyst http://binarycrusader.blogspot.com/ "To err is human -- and to blame it on a computer is even more so." - Robert Orben _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
