* Claudio Freire (klaussfreire@gmail.com) wrote:
> On Mon, Jan 14, 2013 at 1:01 PM, Stephen Frost <sfrost@snowman.net> wrote:
> > I do like the idea of a generalized answer which just runs a
> > user-provided command on the server but that's always going to require
> > superuser privileges.
>
> Unless it's one of a set of superuser-authorized compression tools.
Which would require a new ACL system for handling that, as I mentioned..
That certainly isn't what the existing patch does.
What would that look like? How would it operate? How would a user
invoke it or even know what options are available? Would we provide
anything by default? It's great to consider that possibility but
there's a lot of details involved.
I'm a bit nervous about having a generalized system which can run
anything on the system when called by a superuser but when called by a
regular user we're on the hook to verify the request against a
superuser-provided list and to then make sure nothing goes wrong.
Thanks,
Stephen
