Re: User-level Tasks in Hotplug Scripts?
- From: jg pa dec com (Jim Gettys)
- To: David Brownell <david-b pacbell net>
- Cc: Jim Gettys <jg pa dec com>, Ryan Shaw <ryan shaw stanfordalumni org>, linux-hotplug-devel lists sourceforge net, wm-spec-list gnome org, xpert xfree86 org, Oliver Neukum <520047054719-0001 t-online de>
- Subject: Re: User-level Tasks in Hotplug Scripts?
- Date: Mon, 4 Feb 2002 07:10:56 -0800 (PST)
Fundamentally, we have no convention right now for any client (root or not)
to connect to an X server except on initiation of the user (unless
the user is silly enough to disable authentication entirely.
This is an generic X issue (how to delegate authorization to connect).
There is the xauth mechanism, not very secure, but no convention on its
use in these circumstances. There is also support for kerberos, which
is reasonably secure when used properly. And there is SSH, which has
never been integrated into X's world cleanly (and probably should be).
And there is Owen's scheme for
some sort of server process, but this presents much the same fundamental
security/authentication/authorization problem as well.
I don't have a preconcieved
notion of what the correct solution is; I'm not even very familiar with
the possibilities.
Certainly, I want no user intervention as much of the time as possible, but
we also need a hotplug design which allows for user intervention at the
time of first use in cases where it may be necessary. The hotplug script
design needs to allow for this, even if it is not the usual case.
And there is need to automatically run GUI based programs, even after
configuration (automatically downloading images off your camera, for
example).
Personally, I find it very frustrating to have to go looking for a configuration tool before I can use some hardware: this is not something
a (mere mortal) user knows in advance, and so don't believe the right thing
to do is necessarily nothing (though for much hardware this may be the correct
answer, it isn't for most casually used hardware).
We can certainly split this discussion to the different communities
if people think that is best, but I wanted to get the problem aired;
there is a problem for each community to mull over at the core of this
problem.
And someone who sends mail from an address "nogui" certainly has a strong
opinion on the topic, which may not be universal :-;.
- Jim
--
Jim Gettys
Cambridge Research Laboratory
Compaq Computer Corporation
jg pa dec com
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]