Fahad Sadah:
> Out of interest, how would these limited rights be implemented?
Using a set of small, secure setuid programs I would write for the purpose.
We can't use sudo because there's no way to say "allow this user to run kill as root as long as he's only killing a user process". Furthermore, we would want to make sure the user sends an explanation to the user whose process was killed.
We can't use MySQL permissions because there's no way to let a user view all threads except the replication thread (which could expose private data).
We can't use Solaris RBAC (pfexec) for the same reason as sudo. However, RBAC _does_ allow fine-grained privileges (unlike sudo), and we could use RBAC to implement authorisation to use the setuid utilities. However, I won't do it this way because then it wouldn't work on Linux, which doesn't support RBAC.
- river.
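As an added example (written for this page, not river's code and not part of the thread), here is the shape a small setuid "kill a user process" helper of the kind described above could take in C. It assumes Linux's /proc layout for looking up a process's owner, a stand-in policy of "any non-root owner may be signalled", and uses a syslog line in place of whatever mechanism would actually deliver the explanation to the user whose process was killed; the program name `userkill` is an invented placeholder.

```c
/* Added example, not the mailing-list author's code.
 * A minimal setuid helper: kill <pid> only if it is owned by an ordinary
 * (non-root) user, and record a mandatory reason.
 * Assumptions: Linux /proc layout; "non-root owner" is a stand-in policy. */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <sys/types.h>
#include <unistd.h>

/* Parse the real uid out of the text of /proc/<pid>/status.
 * Returns 0 on success and -1 if no usable "Uid:" line is present. */
int parse_real_uid(const char *status_text, uid_t *uid)
{
    const char *line = status_text;
    while (line && *line) {
        if (strncmp(line, "Uid:", 4) == 0) {
            unsigned long real;
            if (sscanf(line + 4, "%lu", &real) == 1) {
                *uid = (uid_t)real;
                return 0;
            }
            return -1;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}

/* Look up the real uid of whatever process currently holds this pid. */
int process_owner(pid_t pid, uid_t *uid)
{
    char path[64];
    char buf[4096];
    snprintf(path, sizeof path, "/proc/%ld/status", (long)pid);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_real_uid(buf, uid);
}

/* Policy from the mail: root-owned processes are off limits, any ordinary
 * user's process may be killed. (Assumed policy; a real site would refine it.) */
int policy_allows_kill(uid_t owner)
{
    return owner != 0;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s <pid> <reason>\n", argv[0]);
        return 2;
    }
    uid_t caller = getuid();            /* the operator invoking the helper */
    pid_t pid = (pid_t)strtol(argv[1], NULL, 10);
    const char *reason = argv[2];
    uid_t owner;
    if (pid <= 0 || process_owner(pid, &owner) != 0) {
        fprintf(stderr, "no such process\n");
        return 1;
    }
    if (!policy_allows_kill(owner)) {
        fprintf(stderr, "refusing to kill a root-owned process\n");
        return 1;
    }
    /* Drop root to the target's uid before signalling. The kernel's own
     * ownership check then applies to kill(), so if the pid was recycled by a
     * root process between our lookup and the kill(), the kill() fails rather
     * than succeeding (closes the check-then-act race). */
    if (setuid(owner) != 0) {
        perror("setuid");
        return 1;
    }
    if (kill(pid, SIGTERM) != 0) {
        perror("kill");
        return 1;
    }
    /* Record who killed what and why; this stands in for the explanation the
     * mail wants delivered to the owner of the killed process. */
    openlog("userkill", LOG_PID, LOG_AUTH);
    syslog(LOG_NOTICE, "uid %lu killed pid %ld (owner uid %lu): %s",
           (unsigned long)caller, (long)pid, (unsigned long)owner, reason);
    closelog();
    return 0;
}
```

The point of the setuid(owner) step is that the program never calls kill() with root privilege at all: it only uses root to find out who owns the target, then becomes that user, so the decision it enforces is no stronger than what the kernel would enforce for the victim's own account. Which operators may run the helper is left to filesystem group permissions on the binary (or RBAC, where available), as the mail suggests.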