[ofa-general] [PATCH] infiniband-diags: terminate perl scripts with error if not root
Sasha Khapyorsky
sashak at voltaire.com
Sat May 31 06:41:19 PDT 2008
On 14:43 Thu 29 May , Timothy A. Meier wrote:
> I think this patch is fine, and helps solve the improper "usage" issue.
I will apply then.
> (btw - should we prefer the "adapter" spelling over "adaptor"?)
Originally it was added as "adaptor" with "adding -C, -P options" patch.
I have nothing against changing this to "adapter".
> My patch was addressing non-authorized use. Our philosophy was to not
> allow
> "any" sort of functionality (even help) if not authorized. Fail, and
> provide
> a reason/code.
Doesn't 'chmod 0700 /usr/local/sbin/ib*.pl' (as root) solve this?
> So rather than go through each perl script to see if the proper thing is
> done
> (return code is checked, error msg provided, terminate, etc.)
It is bug fixing... :)
> On 5-23, I submitted a patch which adds an auth_check() function to the
> common
> perl module. I agree, the implementation is non-ideal, but it is probably
> sufficient for the vast majority of installations.
>
> If you think the concept of an auth_check() function is
> desirable/acceptable,
> then I will pursue fixing the implementation in a more universal way.
Basically I think that idea of limited access is useful, but don't see
why simple 'chmod' is insufficient. And if it is not I think that
auth_check() should be optional (and of course not broken).
Sasha
More information about the general
mailing list