From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1NHMCK-0002UQ-9I for mharc-grub-devel@gnu.org; Sun, 06 Dec 2009 13:51:08 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1NHMCJ-0002Tw-KD for grub-devel@gnu.org; Sun, 06 Dec 2009 13:51:07 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1NHMCE-0002RD-VF for grub-devel@gnu.org; Sun, 06 Dec 2009 13:51:07 -0500 Received: from [199.232.76.173] (port=40154 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1NHMCE-0002RA-SP for grub-devel@gnu.org; Sun, 06 Dec 2009 13:51:02 -0500 Received: from mail-yx0-f191.google.com ([209.85.210.191]:39987) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1NHMCE-00073G-Fe for grub-devel@gnu.org; Sun, 06 Dec 2009 13:51:02 -0500 Received: by yxe29 with SMTP id 29so10509576yxe.14 for ; Sun, 06 Dec 2009 10:51:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=J/OyeHcKgZRZTorqltg/UtMMO7DItJ/raSDGY0Duftg=; b=QwPZeV8OROLm9le+/Y6032ikIeQTDr4nlsb7pGUQFGlX+1+xn/kn1jvcU3VhU4WBp0 tC9HNxFX2U2XviUjiZ4Zod2ByqHPmSvu4FyVzfTJ3nJidPI7c85FomtQpKpXSuA70ZU0 2OLqdgvxVtKMmFVsRsx+tFOavY78R0t00h2YA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; b=Hm30s7QTfRMg9uYFE+SrB/m3O5TEb5ZTORaXQ3D+yxa+xTomDyxDuf0zhA8y0h/Mti embGP8laKDtQmTC6qRFOQCGZO0vJsDqnUx3O3wLaQLHI7DGqDzAMvjQ8N7tOQFNNGeLT v27jOU8PGHf1TaCj2NFHIAIsIWWIJNQyyt2bk= Received: by 10.90.40.31 with SMTP id n31mr9372645agn.4.1260125461802; Sun, 06 Dec 2009 10:51:01 -0800 (PST) Received: from ?192.168.0.75? (cpe-66-69-97-231.satx.res.rr.com [66.69.97.231]) by mx.google.com with ESMTPS id 23sm2244989yxe.36.2009.12.06.10.51.00 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 06 Dec 2009 10:51:00 -0800 (PST) Message-ID: <4B1BFD11.70905@gmail.com> Date: Sun, 06 Dec 2009 12:50:57 -0600 From: Bruce Dubbs User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080722 SeaMonkey/1.1.11 MIME-Version: 1.0 To: The development of GNU GRUB References: <4B1BF3BF.9010900@gmail.com> <4B1BF841.5000804@gmail.com> <4B1BF9DE.3070003@gmail.com> In-Reply-To: <4B1BF9DE.3070003@gmail.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 2) Subject: Re: meaning of absent --users prameters. X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GNU GRUB List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Dec 2009 18:51:07 -0000 Vladimir 'φ-coder/phcoder' Serbinenko wrote: > Bruce Dubbs wrote: >> Vladimir 'φ-coder/phcoder' Serbinenko wrote: >>> Hello. Currently authentication system works as following: >>> >>> menuentry "name" --users "a,b,c" { >>> } >>> Means that only superusers and users "a", "b" and "c" are permitted to >>> boot this menuentry. To allow only superusers to boot an entry one would >>> need: >>> menuentry "name" --users "" { >>> } >>> And absence of --users means "anyone can choose this entry". >>> Unfortunately this is error-prone. Does anyone oppose to change it to: >>> No --users: only superusers >>> To have an unlocked entry you have to add --unlocked >> First, what is the definition of a 'superuser'? Where does GRUB get >> the information to make a decision. >> > Superusers are set on per-configuration basis with > set superusers= > these users are allowed to invoke shell and edit menu entries so there > is no reason to restrict which entries they are allowed to boot. >> In any case, I'd recommend >> >> --users: superusers only >> >> or even >> >> --users: superusers > I don't get what you mean I thought you were asking about a parameter to the menuentry command menuentry "name" --users "a,b,c" { I was recommending menuentry "name" --users superusers { Where superusers is a keyword implying all superusers. -- Bruce