> > >> It's not specific to the packaging system. Users > >> with the > >> Software Installation profile can run pkgadd/pkgrm > >> via pfexec, > >> no root access needed. > > > >Are there Java equivalents to enough of the > priv_*(3c) and *(3secdb) > >functions for a Java based GUI to be able to > determine whether a user > >would be able via pfexec to do what they wanted to? > > > I think that the best way to do that is just run the > commands and make > sure they fail appropriately when they can't be run > and have that > error reported back., > > If not, you will have two implementations of > essentially the same access > mechanism and they are bound to drift out of sync > over time. > > Casper
I can think of three reasons why a GUI could do a better job if it knew in advance what was likely to be allowed: * it could alter the view it presented to only show allowed functionality (or at least gray out that which was not allowed) * it could provide better indications of failure due to privileges; even if it detected return codes and captured stderr for possible display, doing things like parsing that captured output to provide detailed help would be even more likely to break * it might sometimes be faster/more efficient to detect in advance what would fail than to actually try and then have it fail. This message posted from opensolaris.org _______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
