Re: [Xpert]Re: User-level Tasks in Hotplug Scripts?

[Christer Palm <palm nogui se>]

Jim Gettys wrote:

> We need a secure, interoperable way for configuration scripts running
> as root to pop up configuration GUI's on user's servers, and we need it soon
> (yesterday), as hot-plug is now a reality on Linux systems....
>
> Handling this for the local case is first priority, but we should give some
> thought about the possibility that the administrator's display is somewhere
> else in the network (e.g. we're configuring a server system's hotplug event,
> so the admin is elsewhere).


Is this really what "we" need?
Having stuff "pop up" when certain event occur is probably very nice in 
many situations, but there are good reasons to why this kind of stuff 
only happens in the windoze world. You need to, for example, ask 
yourself the following questions:

  Who is the "administrator"?
  What if there is no "administrator" logged in?
  What if there's several "administrators" logged in?
  How to you distinguish interactive from non-interactive 
"administrator" logins?

 How do you even know if the "administrator" is running X?

  What happens if the "administrator" isn't running X?
  How do authenticate with the "administators" display?
  How do you know if the "administrators" X session is secure?
  If it isn't, is it still appropriate to pop up a configuration GUI on 
the "administrators" display?

IMHO, interactive configuration needs to be explicitly invoked by the 
administrator whether or not we're talking about configuring 
hot-pluggable devices. Any configuration taking place when a hot-plug 
device becomes available needs to be non-interactive and should be 
limited to picking up a configuration prepared on beforehand or a 
default (secure) minimum configuration.

The way the current pcmcia configuration takes place is, IMHO, The right 
way.

By the way, please don't cross-post excessively like this...

--
Christer Palm