On 10/08/09 16:27, Jim Walker wrote:
> Is there a reason why the pkg(1) commands don't
> do a privilege check prior to performing a
> command?

It is better to attempt an action and let it fail since, assuming you
gracefully handle failures (which is required anyway), you do not
introduce a duplicate implementation of the policy analysis which must
be kept in sync with the real policy analysis for all possibilities
(i.e. might the ownership/permissions/acl on a directory specified by -R
affect which privileges you need?)

I think a separate analysis could also introduce an auditing burden on
the command to record the failed attempts that are currently covered by
hitting the real policy.

You could however add slightly gratuitous actions to test your ability
to carry out later tasks before doing something that takes a long time
or creates other inconveniences (like a partial update.)

-Will

> For example, during image-update if you forget
> the pfexec prefix it will go through the entire
> time consuming download phase then bomb out due
> to lack of privileges.
>
> Why don't we check the privileges before the
> download?
>
> Other privileged pkg(1) and beadm commands have
> similar issues.
>
> Cheers,
> Jim
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
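
The "gratuitous action" approach from the reply above, as an added example (not code from pkg(1) or from anyone in this thread): a real scratch-file creation under the image root lets the operating system apply its own policy before the long download starts. The names `probe_write`, `image_update`, `UpdateError` and the `download`/`apply` callbacks are hypothetical.

```python
import os
import tempfile


class UpdateError(Exception):
    """Raised when the update cannot proceed or fails part-way."""


def probe_write(image_root):
    """Create and remove a scratch file under image_root.

    The operating system evaluates ownership, mode bits, ACLs and
    privileges for this real operation, so the tool carries no copy
    of that policy. Returns None on success, else the OSError.
    """
    try:
        fd, path = tempfile.mkstemp(prefix=".probe-", dir=image_root)
    except OSError as err:
        return err
    os.close(fd)
    os.unlink(path)
    return None


def image_update(image_root, download, apply):
    """Hypothetical update driver: probe, then download, then apply."""
    err = probe_write(image_root)
    if err is not None:
        # Fail before the time-consuming phase, reporting the real error
        # (the failed attempt also hit the real policy, so it is audited).
        raise UpdateError(f"cannot modify {image_root}: {err.strerror}")
    payload = download()
    try:
        return apply(image_root, payload)
    except OSError as err:
        # The probe is only a hint: state can change after it, so the
        # real action still needs graceful failure handling.
        raise UpdateError(f"update failed: {err.strerror}") from err
```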