William Young wrote:
On 10/08/09 16:27, Jim Walker wrote:
Is there a reason why the pkg(1) commands don't
do a privilege check prior to performing a
command?

It is better to attempt an action and let it fail since, assuming you gracefully handle failures (which is required anyway), you do not introduce a duplicate implementation of the policy analysis which must be kept in sync with the real policy analysis for all possibilities (i.e. might the ownership/permissions/ACL on a directory specified by -R affect which privileges you need?).

I think a separate analysis could also introduce an auditing burden on the command to record the failed attempts that are currently covered by hitting the real policy.

I understand.

You could however add slightly gratuitous actions to test your ability to carry out later tasks before doing something that takes a long time or creates other inconveniences (like a partial update.)

Right. Where possible, you could do quick tests with the privileged
resources prior to potentially long operations. This would allow
the error messages to be more informative and improve the newbie
experience especially.

Cheers,
Jim
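
The "quick test before a long operation" idea from this thread, as an added example that is not part of the original messages and is not pkg(1)'s own code. The names `probe_write` and `run_update` are hypothetical; the probe performs a real, cheap write under the target root so the operating system's own policy decides the outcome, and the real operation still keeps its failure handling.

```python
import errno
import os
import tempfile


def probe_write(root):
    """Try a real, cheap write under `root`.

    Returns None on success, or a readable error string on failure.
    Ownership, mode bits, ACLs and privileges are all evaluated by the OS,
    so no permission logic is re-implemented here.
    """
    try:
        fd, path = tempfile.mkstemp(prefix=".probe-", dir=root)
    except OSError as e:
        code = errno.errorcode.get(e.errno, str(e.errno))
        return f"cannot write to {root}: {code} ({e.strerror})"
    os.close(fd)
    os.unlink(path)  # leave nothing behind
    return None


def run_update(root, long_operation):
    """Probe first for an early, clear error; still handle the real failure."""
    problem = probe_write(root)
    if problem is not None:
        return ("refused", problem)
    try:
        long_operation(root)
    except OSError as e:
        # The probe is only advisory: conditions can change after it ran,
        # so the authoritative failure path is the operation itself.
        return ("failed", f"{e.filename or root}: {e.strerror}")
    return ("ok", None)


if __name__ == "__main__":
    # Constructed demo: one writable scratch directory, one missing path.
    scratch = tempfile.mkdtemp()
    print(run_update(scratch, lambda r: None))
    print(run_update(os.path.join(scratch, "missing"), lambda r: None))
```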