http://bugzilla.novell.com/show_bug.cgi?id=514382
User jreidinger@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=514382#c41
Josef Reidinger changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |NEEDINFO
Info Provider| |kkaempf@novell.com
--- Comment #41 from Josef Reidinger 2009-10-27 08:01:40 MDT ---
Klaus - What I find also pending is bug 472752 . I discuss it with mvidner and
we find that the best solution is to remove Scr. It is problem with defining
permissions as often command contain variable part (like user name) so
permission based on arguments is problem. Also based it on program name is
problem, as it should grant too much strong permission (e.g. call
/usr/sbin/rccollectd status need all rights to manipulate with rccollectd).
So when we remove Scr, then there remaining 5 parts which use it:
PolicyKit calls- Yapi module which provide 4 simple actions is sufficient.
services - jsuchome says that he was prepare version which is in YaPI instead
of calling directly Scr
logs - it should be in own simple YaPI module which better restrict usage
status - to check if collectd running. I think there must be simplifier
solution, at least we should ask services model?
commandline - no one use it and it is security hole, so I suggest to drop it
before release.
Klaus - What do you think? Second solution is to create yapi module which run
commands same as Scr (but there is still problem with permissions). Mvidner
also try to improve Scr usage, but it is too much complicate( call dbus, yast,
agents etc.) and so danger thing should be clear to understand.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.