[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: meaning of absent --users prameters.
From: |
Vladimir 'φ-coder/phcoder' Serbinenko |
Subject: |
Re: meaning of absent --users prameters. |
Date: |
Sun, 06 Dec 2009 19:37:18 +0100 |
User-agent: |
Mozilla-Thunderbird 2.0.0.22 (X11/20091109) |
Bruce Dubbs wrote:
> Vladimir 'φ-coder/phcoder' Serbinenko wrote:
>> Hello. Currently authentication system works as following:
>>
>> menuentry "name" --users "a,b,c" {
>> }
>> Means that only superusers and users "a", "b" and "c" are permitted to
>> boot this menuentry. To allow only superusers to boot an entry one would
>> need:
>> menuentry "name" --users "" {
>> }
>> And absence of --users means "anyone can choose this entry".
>> Unfortunately this is error-prone. Does anyone oppose to change it to:
>> No --users: only superusers
>> To have an unlocked entry you have to add --unlocked
>
> First, what is the definition of a 'superuser'? Where does GRUB get
> the information to make a decision.
>
Superusers are set on per-configuration basis with
set superusers=<list>
these users are allowed to invoke shell and edit menu entries so there
is no reason to restrict which entries they are allowed to boot.
> In any case, I'd recommend
>
> --users: superusers only
>
> or even
>
> --users: superusers
I don't get what you mean
> -------
> -- Bruce
>
>
> _______________________________________________
> Grub-devel mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/grub-devel
>
--
Regards
Vladimir 'φ-coder/phcoder' Serbinenko
signature.asc
Description: OpenPGP digital signature