Re: Identifying drives/volumes

On Tue, 2004-10-19 at 13:14 -0500, Federico Mena Quintero wrote:
> On Tue, 2004-10-19 at 17:43 +0200, Alexander Larsson wrote:
> > Say you have a GnomeVFSVolume that is really a "connected server" that
> > points to file:///mnt/cdrom. When you do
> > gnome_vfs_volume_monitor_get_volume_for_path(/mnt/cdrom) you will get
> > the actual volume for the cdrom, not the connected server volume.
> Right.  But I guess the user asked for trouble, anyway, if that happens.
> [How would you create such a situation from the user interface?  Can you
> do it from Nautilus?]

Sure. Just connect to server and type in a file:// uri. Its not gonna be
common, but its not impossible.

> > I have a question though. How do you propose can_user_see_volume(vol)
> > will work? I mean, how would the user specify which volumes are ok and
> > which are not?
> That's left as an exercise for the reader.  I mean, it's an
> implementation detail.  Actually, it's up to the lockdown extension to
> decide that :)
> Say you have a configuration file that describes what the user may see.
> It could be a config file, or something you grab off of LDAP, or
> whatever.
> Say you are in a company, and want your employees' boxes to be locked
> down so that they can only see their home directories, the floppy, and
> the company-wide NFS share:
> <lockdown>
>   <visible-volume base="/mnt/floppy"/>
>   <visible-volume base="/mnt/nfs"/>
>   <visible-folder base="/home/username"/>
> </lockdown>
> [Presumably, "/home/username" is generated for each user... you get the idea]
> The extension would turn those paths into URIs and implement
> GtkFileChooserExtension::is_volume_visible() by simple string
> comparisons, and ::is_path_visible() by testing whether one of the
> visible-folder items in the XML above is an ancestor of the path that is
> being tested.
> Or maybe I'm totally on crack, and this is just not the way to implement
> lockdown for the file system.  What would Nautilus do?  Presumably it
> has requirements that are very similar to the file chooser's.

The reason I'm asking is that its a bit hard to specify volumes. How do
you know what is availible, and where it gets mounted? If you plug in
some usb flash it'll get assigned to say /mnt/usbflash2, but you can't
depend on that, since it depends on what other usb flash devices was
plugged in before.

I guess it mostly works if you assume everything is hidden and specify
which volumes are visible. Although it might create suprises, like /tmp
being hidden since it was on a separate partition (and thus another

What if the user wants to configure lock-down like "allow access only to
cdroms and floppies, plus the root+homedir partitions? How would you
define that using paths?

 Alexander Larsson                                            Red Hat, Inc 
                   alexl redhat com    alla lysator liu se 
He's an immortal moralistic hairdresser who hangs with the wrong crowd. She's 
a hard-bitten mutant museum curator with a birthmark shaped like Liberty's 
torch. They fight crime! 

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]