Quoth Tim Foster on Fri, Oct 03, 2008 at 02:28:07PM +0100:
> One thing I wanted to have, was the general/action_authorization
> property value get specified in the main service instead of declaring it
> for each instance. For some reason, when I do that without having that
> property also set in the instance manifests, the zfssnap user gets
> permission denied when trying to enable/disable the service.

action_authorization is inherited. It does not permit enable/disable, however. It does permit temporary enable/disable.

value_authorization is needed to modify general/enabled, which permits persistent enable/disable. value_authorization is not inherited. It would be logical to think that the fix for 5105087 would have changed that, but it didn't. I don't remember why. I probably minimized inheritance to minimize security implications. It seems logical now, so file an RFE.

David
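
The layout the reply implies, as an added manifest fragment that is not part of the original thread: action_authorization is declared once on the service, while value_authorization is repeated in each instance because it is not inherited. The service name, instance names and authorization string are hypothetical placeholders, and the authorization is assumed to be already assigned to the zfssnap user.

```xml
<!-- Added example (fragment of a service_bundle manifest), not the project's manifest.
     'site/example-snapshot' and 'solaris.smf.manage.example-snapshot' are placeholders. -->
<service name='site/example-snapshot' type='service' version='1'>

  <!-- Declared once at service level: inherited by every instance.
       Permits temporary enable/disable only. -->
  <property_group name='general' type='framework'>
    <propval name='action_authorization' type='astring'
             value='solaris.smf.manage.example-snapshot'/>
  </property_group>

  <!-- Not inherited: each instance needs its own value_authorization
       before the user can modify general/enabled (persistent enable/disable). -->
  <instance name='daily' enabled='false'>
    <property_group name='general' type='framework'>
      <propval name='value_authorization' type='astring'
               value='solaris.smf.manage.example-snapshot'/>
    </property_group>
  </instance>

  <instance name='hourly' enabled='false'>
    <property_group name='general' type='framework'>
      <propval name='value_authorization' type='astring'
               value='solaris.smf.manage.example-snapshot'/>
    </property_group>
  </instance>

</service>
```

Granting value_authorization on the general property group lets the holder change any property in that group on that instance, not only general/enabled, so it is worth scoping the authorization to this one service.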