> From: Ed Fishel
> 
> I agree with you and with John Earl. It might be useful to point out that
> in a well designed application you do not need to give users *USE
> authority to another, more powerful, user profile.

I agree, Ed.  My position is exactly that: in order to swap profiles,
you should execute a program that adopts the authority to do so.  This
provides much tighter control.


> This is a useful way to gain authority
> to functions of the system that do not support adopted authority.

Yes, especially since the IFS system tends to ignore adopted authority.


> The combination of adopting and swapping is more tricky to use when the
> program is owned by a user profile that has *ALLOBJ special authority and
> needs to swap to a less powerful user profile. After the swap the program
> will still have all its adopted authority. Fortunately, there are ways to
> drop that adopted authority.

This is a situation I hadn't thought of.  Typically, I have a special
profile with only the authority it needs, rather than *ALLOBJ.  But I'd
be interested to know how to drop adopted authority!


> A difference between using adopted authority and using swapped user
> profiles is that the adopted authority ends when the program ends, while
> the swapped user profile stays swapped until it is swapped back.

Yes, this is the crux of my problem with swapping.  It's up to the
programmer to "give back" authority, and we all know how difficult that
is <grin>.  Seriously, I would try to enforce from a design standpoint
that any program doing swapping be atomic: it adopts authority for the
swap, does the swap, executes the needed function, swaps back, and
returns.  This sort of one-stop shopping might cause a little extra work
-- you might, for instance, have to write to a temporary file, and then
call a security-enabled program to set its rights -- but I think it's
worth it in the end.

Joe
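
The atomic swap program described in the message above, sketched in CL as an added example that is not part of the original post or the posters' own code. The program name SWAPRUN, the target profile APPWORKER and the called program APPLIB/DOWORK are hypothetical; QSYGETPH, QWTSETP and QSYRLSPH are the IBM i profile handle APIs.

```cl
/* SWAPRUN - added illustration; all object names are hypothetical.  */
/* Compile with USRPRF(*OWNER). The owner needs only *USE to the     */
/* target profile APPWORKER; callers need no authority to it.        */
PGM
  DCL VAR(&TGTUSR)  TYPE(*CHAR) LEN(10) VALUE('APPWORKER')
  DCL VAR(&NOPWD)   TYPE(*CHAR) LEN(10) VALUE('*NOPWD')
  DCL VAR(&CURUSR)  TYPE(*CHAR) LEN(10)
  DCL VAR(&ORGHDL)  TYPE(*CHAR) LEN(12)
  DCL VAR(&TGTHDL)  TYPE(*CHAR) LEN(12)
  DCL VAR(&GOTORG)  TYPE(*LGL) VALUE('0')
  DCL VAR(&GOTTGT)  TYPE(*LGL) VALUE('0')
  DCL VAR(&SWAPPED) TYPE(*LGL) VALUE('0')
  DCL VAR(&FAILED)  TYPE(*LGL) VALUE('0')
  /* Any unmonitored error jumps to FAILED, which falls into CLEANUP */
  MONMSG MSGID(CPF0000 MCH0000) EXEC(GOTO CMDLBL(FAILED))

  /* Handle for the caller's profile, kept so we can swap back */
  RTVJOBA CURUSER(&CURUSR)
  CALL PGM(QSYGETPH) PARM(&CURUSR &NOPWD &ORGHDL)
  CHGVAR VAR(&GOTORG) VALUE('1')
  /* Handle for the target; *NOPWD relies on *USE to the profile */
  CALL PGM(QSYGETPH) PARM(&TGTUSR &NOPWD &TGTHDL)
  CHGVAR VAR(&GOTTGT) VALUE('1')
  CALL PGM(QWTSETP) PARM(&TGTHDL)          /* swap */
  CHGVAR VAR(&SWAPPED) VALUE('1')
  CALL PGM(APPLIB/DOWORK)                  /* the one needed function */
  GOTO CMDLBL(CLEANUP)

FAILED:
  CHGVAR VAR(&FAILED) VALUE('1')
CLEANUP:
  IF COND(&SWAPPED) THEN(DO)               /* always swap back */
    CALL PGM(QWTSETP) PARM(&ORGHDL)
    MONMSG MSGID(CPF0000) EXEC(CHGVAR VAR(&FAILED) VALUE('1'))
  ENDDO
  IF COND(&GOTTGT) THEN(DO)                /* release both handles */
    CALL PGM(QSYRLSPH) PARM(&TGTHDL)
    MONMSG MSGID(CPF0000)
  ENDDO
  IF COND(&GOTORG) THEN(DO)
    CALL PGM(QSYRLSPH) PARM(&ORGHDL)
    MONMSG MSGID(CPF0000)
  ENDDO
  IF COND(&FAILED) THEN(SNDPGMMSG MSGID(CPF9898) MSGF(QCPFMSG) +
    MSGDTA('SWAPRUN failed; check the job log') MSGTYPE(*ESCAPE))
ENDPGM
```

Because the swap-back and handle release sit on the single exit path, an error inside the called function cannot leave the job running under the swapped profile.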


This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].