Quoth Gary Winiger on Wed, Jan 14, 2009 at 05:47:37PM -0800: > From out conversation today, I said I'd deleted too much and didn't > have a thread to reply to. Now that I do, I forgot to note > coordination with the audit project team (gww ;-) for adding > any audit records for the new configd commands.
Right. We'll work with you on that. > > Quoth Nicolas Williams on Wed, Jan 14, 2009 at 02:07:27PM -0600: > > > Q1: How is delmanifest implemented w/ regards to RBAC? Must svccfg(1M) > > > run with privilege in order to perform delmanifest, or is this > > > implemented as a door call to svc.configd? > > > > I expect it to be implemented as a door call to svc.configd, and > > I expect that it will require whatever privileges would be required > > today to delete the services in question. > > Here, I'd expect configd to be checking authorizations -- likely > we'll need to add something in the way of authorizations for this > project -- then configd to do the real work because it runs with > sufficient privilege. I wouldn't expect it to change it's model > of svccfg running without privilege and configd interpreting > authorization of the caller of svccfg. Yes, svc.configd will do the authorization checking. For delmanifest specifically, since solaris.smf.modify is the only authorization which permits service or instance deletion, svc.configd will require it for the delmanifest operation also. You're right that I'm not proposing any change to authorization model. David
