From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1NHMTH-00042j-S4 for mharc-grub-devel@gnu.org; Sun, 06 Dec 2009 14:08:39 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1NHMTG-00042U-Am for grub-devel@gnu.org; Sun, 06 Dec 2009 14:08:38 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1NHMTB-0003xL-Mq for grub-devel@gnu.org; Sun, 06 Dec 2009 14:08:37 -0500 Received: from [199.232.76.173] (port=40622 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1NHMTB-0003xC-JN for grub-devel@gnu.org; Sun, 06 Dec 2009 14:08:33 -0500 Received: from mail-bw0-f215.google.com ([209.85.218.215]:59607) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1NHMTB-0008U7-6L for grub-devel@gnu.org; Sun, 06 Dec 2009 14:08:33 -0500 Received: by bwz7 with SMTP id 7so3396006bwz.26 for ; Sun, 06 Dec 2009 11:08:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :x-enigmail-version:content-type; bh=1TEBNsaxLzqMjUfHjRI9y2XIRTrofNVlqmk70A9sOKE=; b=kTl/RXLQnTcQ3CYnhyCE1gTJ9HZkS/oOkCwoZ39+Gs6dzsMW3JIxRXgHVcvNj/RQqd /KfaNS6cJQIM7INytc9SXASQ9RE1Th/rN3FTAGiOQD1/mJun5UyixMgTtq6C7gmmY/dw OK38fF1psRHg5nsa+9EWjqF0kLlX1yGd/dtXU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-enigmail-version:content-type; b=Ty2U/AjYA8v3utv7yDNiM2KfCpu3hYdvdljI+ZRqXohmV7AoLhiJu2FKq7ZYq3Oedt KKQUhZ8rP4YvXcoStkWJqQhpJCEpFfpg1yivPAR1nPhiK5ZJDggFLBoej5f2rc4nWuOp EYDX4R3KCjORhMkExL9SxRunc3tytPy3VL8AQ= Received: by 10.204.25.82 with SMTP id y18mr6081081bkb.137.1260126511853; Sun, 06 Dec 2009 11:08:31 -0800 (PST) Received: from debian.bg45.phnet ([81.62.189.176]) by mx.google.com with ESMTPS id 16sm1382600bwz.15.2009.12.06.11.08.30 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 06 Dec 2009 11:08:31 -0800 (PST) Message-ID: <4B1C0126.2040207@gmail.com> Date: Sun, 06 Dec 2009 20:08:22 +0100 From: =?UTF-8?B?VmxhZGltaXIgJ8+GLWNvZGVyL3BoY29kZXInIFNlcmJpbmVua28=?= User-Agent: Mozilla-Thunderbird 2.0.0.22 (X11/20091109) MIME-Version: 1.0 To: The development of GNU GRUB References: <4B1BF3BF.9010900@gmail.com> <4B1BF841.5000804@gmail.com> <4B1BF9DE.3070003@gmail.com> <4B1BFD11.70905@gmail.com> In-Reply-To: <4B1BFD11.70905@gmail.com> X-Enigmail-Version: 0.95.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enigB854579E2F59EA30E2B2DFA2" X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 2) Subject: Re: meaning of absent --users prameters. X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GNU GRUB List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Dec 2009 19:08:38 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigB854579E2F59EA30E2B2DFA2 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Bruce Dubbs wrote: > Vladimir '=CF=86-coder/phcoder' Serbinenko wrote: >> Bruce Dubbs wrote: >>> Vladimir '=CF=86-coder/phcoder' Serbinenko wrote: >>>> Hello. Currently authentication system works as following: >>>> >>>> menuentry "name" --users "a,b,c" { >>>> } >>>> Means that only superusers and users "a", "b" and "c" are permitted = to >>>> boot this menuentry. To allow only superusers to boot an entry one >>>> would >>>> need: >>>> menuentry "name" --users "" { >>>> } >>>> And absence of --users means "anyone can choose this entry". >>>> Unfortunately this is error-prone. Does anyone oppose to change it t= o: >>>> No --users: only superusers >>>> To have an unlocked entry you have to add --unlocked >>> First, what is the definition of a 'superuser'? Where does GRUB get >>> the information to make a decision. >>> >> Superusers are set on per-configuration basis with >> set superusers=3D >> these users are allowed to invoke shell and edit menu entries so there= >> is no reason to restrict which entries they are allowed to boot. >>> In any case, I'd recommend >>> >>> --users: superusers only >>> >>> or even >>> >>> --users: superusers >> I don't get what you mean > > I thought you were asking about a parameter to the menuentry command > > menuentry "name" --users "a,b,c" { > > I was recommending > > menuentry "name" --users superusers { > > Where superusers is a keyword implying all superusers. > Actually the real question is about interpretation of missing --users. Actually your suggestion --users superusers has a problem that user "superusers" may actually exist. BTW: menuentry "name" --users $superusers { is already accepted > -- Bruce > > > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > http://lists.gnu.org/mailman/listinfo/grub-devel > --=20 Regards Vladimir '=CF=86-coder/phcoder' Serbinenko --------------enigB854579E2F59EA30E2B2DFA2 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iF4EAREKAAYFAkscAS0ACgkQNak7dOguQgkaQwEAw22FyphNDm/5oFQHKYJ1gLBa 8RkTwLOuwySzaKrkqJQBAKX7Xr8I3YJTZRX6/vmVSSmNj7WHx2yglcmyKXfDD7Lf =EvYR -----END PGP SIGNATURE----- --------------enigB854579E2F59EA30E2B2DFA2--