On Thu, 29 Mar 2012 11:04:57 +0200 Lukas Ocilka <lukas.ocilka@suse.cz> wrote:
On 03/27/2012 06:02 PM, Lukas Ocilka wrote:
Hi,
I've created an overview drawing of two different solutions for Gloves permissions/roles: low vs high level of roles. See http://bit.ly/Hd20ef
Frankly, it seems that neither of them can fully support the roles hierarchy as it is presented here: http://bit.ly/GQ8pvZ (or it needs quite a complicated approach to do that).
We've been discussing this from a different point of view with Michal today: The low-level-perms (on path) make it impossible to configure dynamically created sysconfig files for network (/etc/sysconfig/network/ifcfg-*), whereas the high-level-perms (Network Admin) don't care about specific files (but YLib has to take care of security itself).
Bye Lukas
Well, that is not exactly true, as for this specific purpose I plan to create a third agent - a directory agent, which has permission to create/read/modify/delete any file in a directory (read and modify have an almost identical interface to FileAgent). So you can have permission for the directory "/etc/sysconfig/network/" and then you can handle all files in this directory. For me it is still a low-level operation and doesn't need any logic from the upper layer. We just need to ensure that we handle paths correctly (no path escaping anywhere).

Josef

--
Josef Reidinger
Software Engineer Appliance Department
SUSE LINUX, s. r. o.
Lihovarska 1060/12
190 00 Praha 9
Czech Republic
jreidinger@suse.com
SUSE
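
The "no path escaping" requirement for a directory-scoped agent, sketched as an added example that is not part of the original thread and is not Gloves code. `DirectoryScope`, `EscapeError` and the temporary sample tree are hypothetical names and constructed data.

```ruby
require "pathname"
require "tmpdir"

# Hypothetical helper (not Gloves code): maps a client-supplied file name onto
# the single directory an agent was granted, refusing anything that leaves it.
class DirectoryScope
  class EscapeError < StandardError; end

  def initialize(base_dir)
    @base = Pathname.new(base_dir).realpath # canonical form, symlinks resolved
  end

  # Returns the canonical Pathname for +name+, or raises EscapeError.
  def resolve(name)
    raise EscapeError, "bad name" if name.empty? || name.include?("\0")
    raise EscapeError, "absolute path" if Pathname.new(name).absolute?
    candidate = @base + name # lexical join only; realpath below decides
    # The file may not exist yet (create), so canonicalise the parent only,
    # then follow the last component if it is itself a symlink.
    real = candidate.dirname.realpath + candidate.basename
    real = real.realpath if real.symlink?
    inside = real != @base && real.ascend.any? { |p| p == @base }
    raise EscapeError, "#{name.inspect} leaves #{@base}" unless inside
    real
  rescue Errno::ENOENT, Errno::ELOOP
    raise EscapeError, "#{name.inspect} has an unresolvable component"
  end
end

# Constructed sample tree and inputs; returns name => :allowed / :rejected.
def demo_results
  Dir.mktmpdir do |root|
    base = File.join(root, "network")
    Dir.mkdir(base)
    Dir.mkdir(File.join(base, "sub"))
    Dir.mkdir(File.join(root, "outside"))
    File.write(File.join(base, "ifcfg-eth0"), "BOOTPROTO='dhcp'\n")
    File.symlink(File.join(root, "outside"), File.join(base, "link"))
    scope = DirectoryScope.new(base)
    names = ["ifcfg-eth0", "ifcfg-new", "../outside/x", "/etc/passwd",
             "link/x", "link", "sub/../../outside/x", "."]
    names.to_h { |n| [n, (scope.resolve(n) && :allowed rescue :rejected)] }
  end
end

p demo_results if __FILE__ == $PROGRAM_NAME
```

The check and the later file operation are separate steps, so a symlink swapped in between them is not covered here. An agent would also need to open the returned path without following symlinks.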