On Tuesday, August 30, 2005 03:50:13 PM +0100 Darren J Moffat <Darren.Moffat%Sun.COM@localhost> wrote:
> In Solaris, processes have privileges - this is the breakup of the all-powerful root. A process has a number of different privilege sets:
>
>   E - Effective Set: What I'm using now.
>   P - Permitted Set: Max I can use.
>   I - Inheritable Set: What I give to children.
>   L - Limit Set: Max children can get.
>
> Given that, I think your packet needs a place to specify the privilege set as well for this to be useful on Solaris. We could assume the effective set is what you wanted to manipulate since it sounds like that matches your Windows view, but it would be better to allow it to be explicit.
I don't think so. In the context of sftp, the only interesting set of privileges are those actually used to perform operations on behalf of the user. Exactly which set is relevant is going to vary depending on the operation in question and how it is implemented (for example, the server might decide to do some operations in a subprocess). The client has no business knowing whether the sftp server has children or what privileges they might have.
Similarly, just because the client says "enable this privilege" doesn't mean the entire sftp server needs to run with that privilege all the time. It would be entirely reasonable for an implementation to enable them only when accessing files on the user's behalf.
I would suggest adding an operation to fetch the current set of privileges and/or the set of all permitted privileges. The latter would have to be computed by the server based on what privileges are actually permitted to it, what it needs to perform various operations, and local policy. For example, an sftp server might run with privileges which it is not willing to make available to the user.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+%cmu.edu@localhost>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA
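The server-side behaviour proposed in the reply above, as an added example that is not part of the original message: a Python model in which the server computes the set it offers (permitted to it, needed for file operations, allowed by local policy), answers a "fetch current privileges" request, and raises requested privileges only around a single file access. The class and method names are hypothetical, the privilege names are Solaris names used as constructed sample values, and no real privilege system calls are made.

```python
from contextlib import contextmanager


class PrivilegeBroker:
    """Hypothetical model of an sftp server handling privilege requests."""

    def __init__(self, permitted, needed, policy):
        self.permitted = frozenset(permitted)  # P set of the server process
        # Offered to the client: permitted to the server, useful for the
        # operations it performs, and allowed by local policy.
        self.offered = self.permitted & frozenset(needed) & frozenset(policy)
        self.requested = set()  # privileges the client asked to enable
        self.effective = set()  # modelled E set, empty between operations

    def enable(self, names):
        """Handle a client 'enable' request; return the names refused."""
        names = set(names)
        self.requested |= names & self.offered
        return sorted(names - self.offered)

    def disable(self, names):
        self.requested -= set(names)

    def current(self):
        """Reply to a 'fetch current privileges' operation."""
        return sorted(self.requested)

    @contextmanager
    def file_access(self):
        """Raise the requested privileges for one file operation only."""
        self.effective = set(self.requested)
        try:
            yield frozenset(self.effective)
        finally:
            self.effective.clear()  # dropped even if the operation fails


# Constructed sample: the server holds net_privaddr but never offers it,
# and policy withholds file_dac_write although the server is permitted it.
broker = PrivilegeBroker(
    permitted={"file_dac_read", "file_dac_write", "net_privaddr"},
    needed={"file_dac_read", "file_dac_write", "file_chown"},
    policy={"file_dac_read", "file_chown"},
)
```

The client only ever sees `offered` and `current()`; which process or privilege set the server actually manipulates stays an implementation detail, as the reply argues.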