Re: [E-devel] Priviledged Execution
Nathan Ingersoll wrote:
Thanks for all the comments and suggestions, I'm outlining my rough
thought here for final crucifixion before I go ahead and start implementing:
On 11/7/06, Michael Jennings <email@example.com> wrote:
K.I.S.S. -- Keep It Simple, for fuck's Sake.
Heh, that's what I thought I was arguing. If we add complexity at this
level, then it just gets compounded by all the other layers of
complexity that might be below that.
2. Don't dictate to the system admin (i.e. if he wants to use groups to
control access fine, we should be able to still live with or without his
3. We should be able to function properly when no one is logged on.
1. When starting check if someone is already logged on.
   If logged on:
      Are we root? if yes - continue, we love you
      if not do we have write permissions on the file? - Continue we
      if not -
         inform d00d and ask said d00d to save to alternate location.
   if not logged on:
      Attempt to authenticate as root. If pass - continue we love you
      if fail - d00d... contact your system admin
1. When root is logged on, [s]he can edit run without problems
2. When another user is logged on, [s]he can run IF they have write
permissions on that file (so the sys admin can decide to use groups to
control access too)
3. When logged on, any user that is neither root, nor has write access
to the config file, can run entrance_edit_gui, but will only be able to
save an alternate config file, not the *main* one.
4. When not logged on, you MUST supply the root password before we
launch, else no show.
There... we have it... GPC (Goal, Plan, Consequences ;)), I'll
appreciate any more crucifixion on said plan before I start
implementing... what I'll do tonight, is make that authentication code in
entrance easily reusable.
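
The plan in the message above as one decision function, added here as an example (not code from entrance or from the poster). `decide_mode`, the enum names and the `logged_on` / `root_auth_ok` inputs are hypothetical; the write-permission step opens the file rather than calling access(), so the answer reflects the effective UID that the later save will run with.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

enum edit_mode {
    EDIT_MAIN,       /* may save the main config file */
    EDIT_ALTERNATE,  /* may run, but must save to an alternate location */
    EDIT_DENIED      /* nobody logged on and root authentication failed */
};

/* logged_on:    non-zero if a user session is active (assumed to be
 *               determined by the caller).
 * root_auth_ok: result of the root password check; only consulted when
 *               nobody is logged on. The check itself is out of scope here. */
enum edit_mode decide_mode(int logged_on, int root_auth_ok,
                           const char *config_path)
{
    int fd;

    if (!logged_on)
        return root_auth_ok ? EDIT_MAIN : EDIT_DENIED;

    if (geteuid() == 0)
        return EDIT_MAIN;

    /* Probe by opening for write. access() would test the real UID, which
     * differs from the effective UID in a setuid/setgid binary. No O_CREAT
     * or O_TRUNC, so the probe never changes the file. */
    fd = open(config_path, O_WRONLY);
    if (fd >= 0) {
        close(fd);
        return EDIT_MAIN;
    }
    /* Permissions can change between this probe and the save, so the save
     * path must still handle a failed write by offering the alternate file. */
    return EDIT_ALTERNATE;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "main", "alternate", "denied" };

    if (argc < 2) {
        fprintf(stderr, "usage: %s CONFIG_PATH\n", argv[0]);
        return 2;
    }
    /* Stand-alone run: treat the invoking user as logged on. */
    printf("%s\n", names[decide_mode(1, 0, argv[1])]);
    return 0;
}
```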