| RBAC involves collecting a select number of privileges and bundling these | ||
| together as a role. A user can then be assigned one, or several roles. | ||
|
|
||
| OpenIndia supports all these frameworks. |
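Review bot: the project name is misspelled as "OpenIndia" in the last line of this hunk; it should read "OpenIndiana". In the same line, "all these frameworks" has no clear referent, since the visible context above describes only RBAC; naming the mechanisms that are meant would make the sentence unambiguous.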
perhaps, rephrase, like "OpenIndiana supports both mechanisms for granting a subset of privileges to a user".
RBAC is work-in-progress and the material already presented will be drastically changed, and a lot more material is required, but for the present text, your suggestion is better. ok
| and defaults to vi. If you'd prefer to use another editor, for example emacs, | ||
| call visudo as follows: `EDITOR=emacs visudo` | ||
|
|
||
| More flexible, however, is assigning one or several commands to a number of |
'group' has such a fixed interpretation that I specifically wanted to avoid using 'group' and its associated Unix connotations, just a collection of users and later form the group:
But this is so small and trivial that I can go with your suggestion. ok
| The above example is a simple mechanism in which an account is assigned one, or | ||
| more administrative commands in which to carry out administrative | ||
| duties. However, this does not scale particularly well. On a system with a small | ||
| number of users this system might be sufficient. On a system with several |
'this system might be' => 'this might be'
yep, an improvement
| example, printers attached to the system. A more desirable system would be one | ||
| in which this user had the ability to permit users to use a printing device, | ||
| remove print jobs from the print spool, add new printers to the system, ... | ||
| remove print jobs from the print spool, add new printers to the system, |
Should it be ended by '.'?
Sentence ends with ",". Should end with "."
| - A role is accessible via login. | ||
| - A role can be accessed by a user only if the user explicitly changes user id, | ||
| i.e., su whatever_role | ||
| - A special shell is used for all role accounts, i.e., _pkfsh or pfsh. |
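Review bot: the first bullet, "A role is accessible via login", contradicts the second bullet, which says a role can be reached only when the user explicitly changes user id with su. If the intent is that a role cannot be logged into directly, the first bullet is missing a "not". In the last bullet, "_pkfsh" looks like a typo for "pfksh", the spelling used in the "Role Shell" definition elsewhere in this change.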
| ``` | ||
|
|
||
| ### System shutdown, reboot, ... | ||
| ### System shutdown, reboot, |
'.' in the end of sentence
Remove "," in the end of sentence
|
Everything up to RBAC should be to a first iteration complete. The RBAC section needs a lot more work: examples, why it is an improvement over sudo, etc

Please, rebase on head and squash commits into one.

please, rebase branch against master
|
|
||
| This can be implemented as follows: | ||
|
|
||
| - For each task, create a group (more about groups later) |
Where? We refer to a group description, but do not provide it. Likely, we have to remove the reference.
| - Role: A special type of user account that can be directly logged into using su | ||
| only. | ||
| Think of a role as a container to perform administrative tasks. | ||
| - Role Shell: (pfksh or ksl) is a special shell and is used to consult the RBAC |
ksl -> pfsh ?
"and is used to consult" -> "which consults"
|
Your last commit looks suspicious.

Looks like a botched rebase or merge. @mebenn can you clean up the history please?

I fear the situation here is getting worse. There are now a lot of conflicts and not all of these are because of rebasing. The original commits were 4+ years ago. It looks like much of that content is still relevant, but will need to be extracted into a new PR.

Not sure whether it is worth saving the contents; except for the comments from the reviewers, which are good. This whole section needs a rewrite as it stands and the material in this PR will not significantly help. I originally tried to document RBAC which is a wonderful feature, but, I found, tricky to describe. My description became too wordy. Worse, I had to describe peripheral things like sudo, root, users, groups, .... I think the better approach would be to document the entire block and create one PR off the current head instead of trying to clean up history which will never result in anything of adequate quality. Unfortunately, this would require me to invest some work to document RBAC before creating a PR: but it will not be completed for some time. I also had a closer look at the merge conflicts: there are loads of them and cherry picking was not easy. My suggestion is to dump this PR.

That last force push has erased all of the content from this PR. I had been planning to cherry pick some parts. I don't think that is possible now - unless you still have the changes locally?

Yes, that was intended. I'm rewriting/cleaning-up the Accounts Management section (User, Groups, System & RBAC). That's all todo for me now. As soon as I am finished, there will be a fresh PR.
No description provided.