Nicolas Williams wrote:
>> It might be desirable to come up with semantics for per-user services, and 
>> if we ever did then that would help to further move away from the cron 
>> legacy, but I think it would be a mistake to consider such an expansion to 
>> be a prerequisite for this initial transition.
> 
> Agreed, but don't paint yourself into any corners.
> 
> Users could interact, basically by using svccfg.  You'd have a service
> name pattern that corresponds to users, say,
> 
>     svc:/system/scheduled/users/<username>/<job-name>
> 
> but you'd need a way to delegate authorization to them, and to enforce
> the method_context of such services to match the user's -- probably just
> forcing the restarter to be the new cron should do to force the method
> context, since that could then enforce the method_context via pam(3PAM)/
> pam_unix_cred(5).  In fact, the restarter should very much use PAM to
> set up most of the method context for user jobs.

Perhaps all that would be needed to support per-user services of all kinds 
(start-at-boot services, start-by-clock services, start-by-network-request 
services, ...) would be to check that the method context matches the 
requesting user (or force that it does), plus a bit of per-restarter 
security like ensuring that only root can use reserved network ports. 
There's probably a lot more minutiae like permissions on log files that 
would have to be addressed, and probably some stuff related to 
authorizations for manipulating the services.

I don't know whether I'd cordon off namespace for them.  Probably, though 
it would probably be at the top of the hierarchy 
(svc:/users/<username>/<service>).  That way there would be an "absolute" 
FMRI that could be used to refer to any user's services, and individual 
users could use partial FMRIs to refer to their own services.

BTW, I most specifically would *not* cordon off namespace for cron jobs.  I 
would want to put cron jobs "near" any associated "normal" services.  If I 
had a cron job that did some kind of idmap-related maintenance, I would 
want it to be somewhere near svc:/system/idmap.

> But this could come all later.

Yes.  I think it's almost completely orthogonal to SMF-izing installed cron 
jobs.
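
The checks proposed in this message, sketched as an added example that is not part of the original thread or of SMF itself. The `Request` shape, the name syntax and the rule that root may manage any user's services are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

USER_NS = "svc:/users/"  # top-level per-user namespace suggested in the message
NAME = re.compile(r"^[A-Za-z][A-Za-z0-9_.-]*$")  # assumed name syntax, not SMF's own

@dataclass
class Request:  # hypothetical shape of a request to create or change a service
    requester: str                     # authenticated user making the request
    fmri: str                          # absolute FMRI, or partial (own services)
    method_user: Optional[str] = None  # user named in the method context, if any
    port: Optional[int] = None         # port for network-started services

def resolve_fmri(requester, fmri):
    """Return (owner, absolute FMRI); a partial FMRI belongs to the requester."""
    if fmri.startswith("svc:/"):
        if not fmri.startswith(USER_NS):
            raise PermissionError("not in the per-user namespace")
        owner, _, service = fmri[len(USER_NS):].partition("/")
    else:
        owner, service = requester, fmri
    parts = service.split("/")
    if not NAME.match(owner) or not all(NAME.match(p) for p in parts):
        raise ValueError("malformed FMRI")
    return owner, USER_NS + owner + "/" + service

def authorize(req):
    """Return (absolute FMRI, user the methods will run as) or raise."""
    owner, absolute = resolve_fmri(req.requester, req.fmri)
    # Assumption: root may manage any user's services; others only their own.
    if req.requester not in (owner, "root"):
        raise PermissionError("cannot manage another user's service")
    # Check the method context; when it is absent, force it to the owner.
    if req.method_user not in (None, owner):
        raise PermissionError("method context must match the service owner")
    # Per-restarter rule from the message: reserved ports are root-only.
    if req.port is not None and req.port < 1024 and owner != "root":
        raise PermissionError("reserved port requires root")
    return absolute, owner
```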


