Mailinglist Archive: yast-devel (48 mails)

Re: [yast-devel] Gloves: Permissions Overview
On Thu, 29 Mar 2012 11:04:57 +0200
Lukas Ocilka <lukas.ocilka@xxxxxxx> wrote:

On 03/27/2012 06:02 PM, Lukas Ocilka wrote:
Hi,

I've created an overview drawing of two different solutions for
Gloves permissions/roles: low vs high level of roles. See
http://bit.ly/Hd20ef

Frankly, it seems that neither of them can fully support roles
hierarchy as it is presented here: http://bit.ly/GQ8pvZ (or it
needs quite a complicated approach how to do that)

We've been discussing this from a different point of view with Michal
today: The low-level-perms (on path) make it impossible to configure
dynamically created sysconfig files for network
(/etc/sysconfig/network/ifcfg-*), whereas the high-level-perms
(Network Admin) don't care about specific files (but YLib has to take
care about security itself).

Bye
Lukas


Well, that is not exactly true, as for this specific purpose I plan to
create a third agent, a directory agent, which has permission to
create/read/modify/delete any file in a directory (read and modify have
an almost identical interface to FileAgent).
So you can have permission for the directory "/etc/sysconfig/network/" and
then you can handle all files in this directory. For me it is still a
low-level operation and doesn't need any logic from the upper layer. We just
need to ensure that we handle paths correctly (no path escaping
anywhere).
Josef

--
Josef Reidinger
Software Engineer Appliance Department

SUSE LINUX, s. r. o.
Lihovarska 1060/12
190 00 Praha 9
Czech Republic

jreidinger@xxxxxxxx
SUSE
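
The path-handling requirement from the reply above ("no path escaping anywhere"), sketched as an added example; it is not code from the thread or from Gloves. `DirectoryAgent`, its methods and the temp-directory scenario are assumptions, and the sketch narrows the idea to plain file names directly inside the granted directory on Linux.

```ruby
require "pathname"
require "tmpdir"
# Hypothetical DirectoryAgent; class and method names are assumptions, not Gloves API.
class DirectoryAgent
  class PathEscape < StandardError; end
  def initialize(dir)
    @root = Pathname.new(dir).realpath # the one directory this agent is granted
  end

  def read(name)
    open_in_dir(name, File::RDONLY, &:read)
  end

  def write(name, data)
    open_in_dir(name, File::WRONLY | File::CREAT | File::TRUNC) { |f| f.write(data) }
  end

  private
  # Accept only a bare file name, so "..", "/" and absolute paths cannot leave @root.
  def resolve(name)
    bad = name.empty? || name.include?("/") || name.include?("\0") || %w[. ..].include?(name)
    raise PathEscape, "not a plain file name: #{name.inspect}" if bad
    (@root + name).to_s
  end

  # O_NOFOLLOW: the kernel refuses a symlink at open time (ELOOP on Linux), no check-then-open race.
  def open_in_dir(name, flags, &block)
    File.open(resolve(name), flags | File::NOFOLLOW, 0o600, &block)
  rescue Errno::ELOOP
    raise PathEscape, "symlink refused: #{name.inspect}"
  end
end

# Constructed scenario: a temp dir stands in for /etc/sysconfig/network/.
def demo
  Dir.mktmpdir do |tmp|
    dir = File.join(tmp, "network").tap { |d| Dir.mkdir(d) }
    outside = File.join(tmp, "outside").tap { |f| File.write(f, "secret") }
    File.symlink(outside, File.join(dir, "ifcfg-link"))
    agent = DirectoryAgent.new(dir)
    agent.write("ifcfg-eth0", "BOOTPROTO=dhcp\n")
    out = { traversal: "../outside", absolute: outside, symlink: "ifcfg-link", dotdot: ".." }.transform_values do |name|
      agent.read(name) && :allowed
    rescue DirectoryAgent::PathEscape
      :refused
    end
    out.merge(ok: agent.read("ifcfg-eth0"))
  end
end
```

Calling `demo` returns `:refused` for the traversal, absolute-path, symlink and `..` attempts, and the written contents for `ifcfg-eth0`.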