Glenn Brunette wrote: > By "system files" do you mean the contents of /etc/apache2? At > least in Nevada, there is now only one file that is not marked > as editable: > > /etc/apache2/httpd.conf-example f none 0644 root bin 16694 30581 > 1187823644 SUNWapch2r > > which I think is a bug and will file one if I do not see one existing. > All of the files (even in Solaris 10) in /etc/apache2 are/should be > editable by end users. If they are not - it is a bug IMHO. > Great to hear... So maybe we could do the change for sxde b79... Or maybe a post configuration step to enable user ludo to use the webstack could do:
# setfacl -m user:ludo:rw- httpd.conf # setfacl -m mask:rw- httpd.conf as Jyri suggested to me? What about log files and the entire htdocs content if user 'ludo' wants to deploy apps there? Ludo > That said, as the author of the BluePrint, I should have noted > that issue in the paper. I would make a note if I ever do an > update to address this point. > > g > > Jyri Virkki wrote: > >> Darren J Moffat wrote: >> >>> Restricting Service Administration in the Solaris 10 Operating System >>> >>> http://www.sun.com/blueprints/0605/819-2887.pdf >>> >>> That is the recommended approach, it is a superset of what you have done. >>> >> Hm, this document also changes (p.10) ownership of system files under >> /etc which are not marked as editable in their package prototype. >> >> >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.opensolaris.org/pipermail/webstack-discuss/attachments/20071031/4e61c093/attachment.html>
