| To: | Dave Brolley <brolley@xxxxxxxxxx> |
|---|---|
| Subject: | Re: PCP Updates: pmlogger AF_UNIX socket for normal users; qa version check bump |
| From: | fche@xxxxxxxxxx (Frank Ch. Eigler) |
| Date: | Thu, 06 Mar 2014 11:26:02 -0500 |
| Cc: | pcp@xxxxxxxxxxx |
| Delivered-to: | pcp@xxxxxxxxxxx |
| In-reply-to: | <5318966A.2080600@xxxxxxxxxx> (Dave Brolley's message of "Thu, 06 Mar 2014 10:38:18 -0500") |
| References: | <53075D46.6090807@xxxxxxxxxx> <1734063835.17483667.1393481715436.JavaMail.zimbra@xxxxxxxxxx> <53175AAC.5050706@xxxxxxxxxx> <y0ma9d4e93m.fsf@xxxxxxxx> <5318966A.2080600@xxxxxxxxxx> |
| User-agent: | Gnus/5.1008 (Gnus v5.10.8) Emacs/21.4 (gnu/linux) |
brolley wrote: > [...] > I suggest teaching it something similar to what is allowed for pmcd, > if needed. i.e. > > allow users userlist : operations ; > disallow users userlist : operations ; > allow groups grouplist : operations ; > disallow groups grouplist : operations ; The reason we can't have exactly that is because we don't have user/group databases/authentication in effect for the pmlc-pmlogger connection. (I don't think we really want to go there either.) > I agree with Nathan that same-uid and same-gid should always be > allowed full access. This is not obviously appropriate. GID's can be shared amongst many people, and we definitely don't want to hard-code that kind of trust. The same-UID one is arguable. A person may want to prevent accidental runtime modification of his logger, even by his own future processes. - FChE |
| Previous by Date: | Re: [pcp] PCP Updates: pmlogger AF_UNIX socket for normal users; qa version check bump, Dave Brolley |
|---|---|
| Next by Date: | Delivery In Progress, FedEx Delivery Express Service |
| Previous by Thread: | Re: PCP Updates: pmlogger AF_UNIX socket for normal users; qa version check bump, Dave Brolley |
| Next by Thread: | Re: [pcp] PCP Updates: pmlogger AF_UNIX socket for normal users; qa version check bump, Nathan Scott |
| Indexes: | [Date] [Thread] [Top] [All Lists] |