Re: settings daemon D-Bus interface proposal

From: Tambet Ingo <tambet ximian com>
To: Dan Williams <dcbw redhat com>
Cc: networkmanager-list gnome org
Subject: Re: settings daemon D-Bus interface proposal
Date: Tue, 20 Feb 2007 16:44:03 +0200

On Tue, 2007-02-20 at 08:49 -0500, Dan Williams wrote:
> The system settings service (what we were calling NMI) will run either
> as 'nobody' or 'root' (I'm not sure yet, thoughts?).  Something will
> have to start it, either NM or the startup scripts.  It provides the
> default/mandatory settings that users have published system-wide or that
> the sysadmin has set.  I'm somewhat afraid that if we run it as 'nobody'
> that we'll not be able to trust the information we get out of it because
> it's not root.
> 
> If we run the system settings service as 'root', then it can access the
> system-wide published secrets and then NM doesn't have to contain code
> to read the secrets in some lookaside directory.  If it's run as
> 'nobody' then NM would have to store them.  Your thoughts David?

It would be very nice if it weren't root. If nobody isn't trusted
enough, maybe some other dedicated user, something that could be shared
with hal policy daemon etc (which I know nothing about). Would make a
lot of security-(paranoid-)people happy.

> This Gnome system settings daemon will be a copy of nm-applet and will
> be run with the '--system' argument, which tells the applet to present
> _no_ UI, not init GTK, and acquire the system settings service name
> rather than the user-level settings service name.

Why do we want to do this? Because of the GConf dependency? In my
opinion the settings daemon belongs much more to the core NM than
NM-gnome, there's no desktop specific bits in it at all (it doesn't even
have any UI or regular user who'd ever log in).

I'd suggest using a simple GKeyFile-based configuration mechanism for
the daemon for now. There are a lot of people interested in moving GConf
down the stack, either below glib or maybe into glib, so it will happen
sooner or later.

Does this new settings code mean that most of the backends (more
precisely, the information reading from /etc/sysconfig part) is now
deprecated? If no, which information does the NM prefer, the new daemon
or the distro specific?

The API itself looks good to me.

Tambet

Follow-Ups:
- Re: settings daemon D-Bus interface proposal
  - From: Dan Williams

References:
- settings daemon D-Bus interface proposal
  - From: Dan Williams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]