Re: Nautilus and Gnome should only show devices that the user has permission to use.



On Wed, 2007-02-21 at 13:16 -0700, openuserful userful com wrote:
> On a multistation/multiseat system, users on each station can have their
> own USB flash drives, USB floppy drives, etc. Nautilus currently displays
> icons for all of these devices on all desktops. Access permissions for
> these devices may one day be controlled by ConsoleKit, but for the time
> being, on Userful's multistation systems it is currently controlled by our
> various custom scripts.
> 
> What we would like is a way to ensure that the user can only see devices
> that they have permission to use. (There are scenarios where users may
> need to see all devices, so the solution must be configurable.) In the
> past we have modified nautilus, libgnomeui, and gnome-vfs to read our
> custom configuration files. What we are looking for is a more elegant
> solution that can be merged in upstream that would be useful for other
> multistation projects. Does Gnome currently have some functionality to
> support this? If so, how? If not, what form would this type of
> modification take? What software needs to be modified? Who are the right
> people to talk to? Lastly, is there anywhere more appropriate to post
> these questions?

Well, HAL now recently has ConsoleKit integration, although it's only useful
for fast-user-switching at this point (Fedora 7 will ship with CK and
f-u-s working out of the box). So, I don't think it's that much work to
make it work for multi-seat too, especially since CK has been designed with
this in mind. It basically involves

 - tag devices with a property, say, access_control.seats, with
   what seat(s) the devices belong to. This probably amounts to
   writing some fdi files + teaching HAL to inherit access_control.seats
   from parent devices (this way you can tag a USB host controller
   or a USB hub and devices plugged into that will inherit the
   seat).

   Where the configuration comes from is an interesting question. Most
   probably *some* kind of configuration file but ideally we'd support
   some (D-Bus) interfaces so it's trivial to write a GTK+ client for
   graphical editing of which devices belong to each seat etc. E.g.
   Joe Sysadmin should be able to say "port 3 of this or that USB hub
   belongs to seat 1", "the internal optical drive belongs to seat 1
   and 2" and so forth.

 - Add some checks in HAL so it only provides service to a client on a
   device if the device belongs to a seat where the session occurs. This is
   possible with CK today because a system-level service like HAL
   can determine what session/seat some caller over D-Bus originates
   from. This is not hard at all; we already do this for f-u-s but
   right now only look at whether the session is active or not.

 - Then, on the GNOME side, probably only gnome-vfs would need to be
   patched to discard devices that do not belong to the seat the
   user session belongs to. This is really easy to do too; basically
   just compare access_control.seats with the seat you're on yourself.

So I don't think this is much work at all now that we've got CK and HAL
is integrated with CK. I just haven't gotten around to doing it, mostly
because I don't have a multi-seat setup yet :-). Anyway, I'd be more
than happy to provide assistance where needed - if you're interested in
this, please take the discussion to the HAL list

 http://lists.freedesktop.org/mailman/listinfo/hal

where both CK and HAL are discussed. Thanks!

     David
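
Added example, not part of the original message and not HAL or gnome-vfs code: a small Python model of the scheme outlined above, in which a device inherits access_control.seats from its nearest tagged parent and a session is shown only the devices tagged for its seat. The device names, seat names, and the show_all and untagged_visible options are assumptions made for illustration.

```python
# Model of the proposed access_control.seats scheme (not HAL or gnome-vfs code).
# Constructed device tree: udi -> (parent udi, explicitly tagged seats or None).
DEVICES = {
    "usb_host_0":    (None, None),
    "hub_port_3":    ("usb_host_0", {"seat1"}),   # "port 3 ... belongs to seat 1"
    "flash_drive_a": ("hub_port_3", None),        # untagged: inherits from hub port
    "hub_port_4":    ("usb_host_0", {"seat2"}),
    "floppy_b":      ("hub_port_4", None),
    "optical_0":     (None, {"seat1", "seat2"}),  # shared by both seats
    "untagged_disk": (None, None),
}


def effective_seats(udi, devices):
    """Nearest access_control.seats on the device or an ancestor, else None."""
    seen = set()
    while udi is not None:
        if udi in seen:
            raise ValueError("parent loop at " + udi)
        seen.add(udi)
        parent, seats = devices[udi]
        if seats is not None:
            return frozenset(seats)
        udi = parent
    return None


def visible_devices(session_seat, devices, show_all=False, untagged_visible=False):
    """Devices a session on session_seat should be shown, sorted by udi.

    show_all covers the "users may need to see all devices" case.
    untagged_visible is an assumed policy knob; the default hides devices
    that no seat has been assigned to (fail closed).
    """
    shown = []
    for udi in devices:
        seats = effective_seats(udi, devices)
        if show_all or (seats is None and untagged_visible) or (
                seats is not None and session_seat in seats):
            shown.append(udi)
    return sorted(shown)


if __name__ == "__main__":
    for seat in ("seat1", "seat2"):
        print(seat, visible_devices(seat, DEVICES))
```

This models only the display-side comparison from the last step; the service-side check in HAL described in the second step is what would actually deny access to a device on another seat.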




