ramblings about privileges
David Zeuthen
david at fubar.dk
Sat Jan 21 18:41:11 PST 2006
Hi,

Thanks for the feedback.

On Sat, 2006-01-21 at 18:26 -0800, Artem Kachitchkine wrote:
> > With the desired UI in mind, how would you construct a model for allowing
> > such a user interface in a secure way? Clearly we have users, groups,
> > black lists and white lists in the picture.
> >
> > My thinking is a flat configuration file
>
> Why not define the model in terms of methods and properties, just like
> D-BUS? This would allow for multiple implementations: flat file, gconf,
> LDAP, SMF, whatever.
I'm not exactly sure what you're saying here.. are we only talking
format, e.g. how to store this data.. I'm asking because whether
hal-system-storage-mount reads this from a flat file or somewhere else
is pretty much a trivial yet nice detail.

So you're saying... maybe we just need that helper, hald-check-policy, to
have this simpler interface so we can just do either

  hald-check-policy --uid $HALD_INVOKED_BY_UID --policy storage_fixed

or

  hald-check-policy --uid $HALD_INVOKED_BY_UID --policy storage_removable

from the mount script, depending on whether the volume stems from a fixed or
removable drive. One implementation reads flat files, another one
consults gconf etc... However, to get the UI done you need the tool to
read/write specifics ("give me the blacklist", "set this new whitelist")
but that's totally doable too. Interesting, good point.

Or maybe I completely missed the point?
Cheers,
David
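
The backend-independent policy helper discussed in this message, sketched as an added example (not HAL code and not written by either poster). The interface, the flat-file syntax, the `uid:`/`gid:` entry form and the blacklist-over-whitelist, default-deny evaluation are assumptions made for illustration; only the policy names `storage_fixed` and `storage_removable` come from the thread.

```python
# Added illustration, not HAL code. File syntax and evaluation order are assumptions.
from abc import ABC, abstractmethod

class PolicyBackend(ABC):
    """Storage-agnostic interface; flat file, gconf, LDAP... would each implement it."""
    @abstractmethod
    def get_list(self, policy, kind):
        """Return the entries ('uid:500', 'gid:100') of a 'whitelist' or 'blacklist'."""
    @abstractmethod
    def set_list(self, policy, kind, entries):
        """Replace a list; the call a configuration UI would make."""

class FlatFileBackend(PolicyBackend):
    """Hypothetical syntax, one list per line: <policy>:<kind>:<entry>,<entry>,..."""
    def __init__(self, text):
        self.rules = {}
        for line in text.splitlines():
            line = line.split("#", 1)[0].strip()
            if not line:
                continue
            # A malformed line raises ValueError instead of being silently skipped.
            policy, kind, entries = line.split(":", 2)
            self.rules[(policy, kind)] = {e.strip() for e in entries.split(",") if e.strip()}

    def get_list(self, policy, kind):
        return set(self.rules.get((policy, kind), ()))

    def set_list(self, policy, kind, entries):
        self.rules[(policy, kind)] = set(entries)

def check_policy(backend, uid, gids, policy):
    """True if the caller may use `policy`. Assumed: blacklist wins, no match denies."""
    ids = {f"uid:{uid}"} | {f"gid:{g}" for g in gids}
    if ids & backend.get_list(policy, "blacklist"):
        return False
    return bool(ids & backend.get_list(policy, "whitelist"))

# Constructed sample data; the uids and gids are made up.
SAMPLE = """\
storage_removable:whitelist:gid:100
storage_removable:blacklist:uid:501   # one member of gid 100 is excluded
storage_fixed:whitelist:uid:0
"""

if __name__ == "__main__":
    backend = FlatFileBackend(SAMPLE)
    for uid in (500, 501):
        for policy in ("storage_fixed", "storage_removable"):
            print(uid, policy, "allow" if check_policy(backend, uid, [100], policy) else "deny")
```

A gconf or LDAP backend would subclass `PolicyBackend` and leave `check_policy` untouched, which is the separation the thread is about.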