Re: [RFC] Fast-user-switching plans



On Fri, 2010-05-21 at 08:53 +0200, Ludwig Nussel wrote:
> Daniel Gnoutcheff wrote:
> > I've been spending some time thinking about how to get N-M to work with
> > fast-user-switching. Here are some possible solutions that I have heard of or
> > thought of, presented for review.
> > [...]
> > Well, once again, thanks for reading all that! Comments, corrections, better
> > ideas?
> 
> 5. (or rather 2b?) Get rid of the user settings concept
> 
> I always found that concept weird and the wrong way around. Those
> network connections are not private to some user anyways. So always
> have all network connection settings system global (i.e. in /etc). You
> don't need to store an owner of a connection at all, owner is always
> root. Use polkit to determine whether a user trying to edit,
> start/stop network connections etc is allowed to do so. Credentials
> such as passwords or client certificates could still be requested
> from the frontend (i.e. the user that tries to start a connection) if
> storing them in plain text globally isn't desired.

Yeah, I've been thinking more about that recently too.  The main cases
are more "personal" connections like VPNs where often you don't want to
grant VPN access to anyone you happen to let use your computer.  There
certainly has to be some gating of who can start, stop, and modify
connection information, and that's probably got to be based on users.
Essentially, ACLs on a per-connection basis.

PolicyKit has some neat stuff here, but there's also always the fallback
of having a list of users stored along with the connection data itself
that can start/stop the connection, and another list that can modify
that connection.

And further posts are correct; network namespaces may well provide the
ability in the future to tie a specific user's traffic to a specific
outgoing interface and prevent others from using that connection.
Network interfaces and routing are not necessarily machine-wide when
network namespaces enter the picture, and we should have a story around
that.

But going forward, I think we do need to evaluate whether user
connections should really stick around given that we can get the same
security benefits by ACL-ing system connections.

The one benefit of user connections is that they follow you if you back
up your homedir and switch machines :)  I don't think that's enough of a
benefit to keep them around though.

Dan
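
Added example, not part of the original message and not NetworkManager code: a sketch of the fallback discussed above, where a root-owned system connection carries one list of users who may start/stop it and another who may modify it, and blank secrets are requested from the frontend. The `[acl]` section, its `activate`/`modify` keys, and the rule that root always passes are assumptions made for illustration.

```python
import configparser

# Constructed sample of a system-wide connection file. The [acl] section and
# its keys are hypothetical; they are not a NetworkManager format.
SAMPLE = """\
[connection]
id=work-vpn
type=vpn

[acl]
activate=dan;alice;
modify=dan;

[vpn-secrets]
password=
"""

# Start and stop share one list; modify has its own, as in the message.
ACTIONS = {"start": "activate", "stop": "activate", "modify": "modify"}

def _users(value):
    """Split a ';'-separated user list, ignoring empty entries."""
    return {u.strip() for u in value.split(";") if u.strip()}

def load_connection(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    acl = cp["acl"] if cp.has_section("acl") else {}
    secrets = dict(cp["vpn-secrets"]) if cp.has_section("vpn-secrets") else {}
    return {
        "id": cp.get("connection", "id"),
        # A missing list becomes an empty set: default deny for non-root.
        "acl": {k: _users(acl.get(k, "")) for k in ("activate", "modify")},
        "secrets": secrets,
    }

def authorize(conn, user, action):
    """Return True if `user` may perform `action` on this connection."""
    if action not in ACTIONS:
        raise ValueError("unknown action: " + action)
    if user == "root":  # assumption: the owner (always root) is never gated
        return True
    return user in conn["acl"][ACTIONS[action]]

def plan_activation(conn, user):
    """Decide a start request: deny, allow, or prompt the frontend for secrets."""
    if not authorize(conn, user, "start"):
        return ("deny", [])
    missing = sorted(k for k, v in conn["secrets"].items() if not v)
    return ("prompt", missing) if missing else ("allow", [])
```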
