[PATCH] set required mount privileges via fdi file
David Zeuthen
david at fubar.dk
Sat Jul 22 10:36:02 PDT 2006
On Thu, 2006-07-20 at 09:43 +0200, Ludwig Nussel wrote:
> On Wednesday 19 July 2006 18:34, Artem Kachitchkine wrote:
> > > So in
> > > order to only allow Dave to mount "Dave's usb key" you just have to
> > > create an fdi file
> >
> > I would expect that to manipulate _privileges_ you'd want to manipulate
> > _privilege_ files, not fdi files. I think "resources" serve the purpose
> > you describe, i.e. to allow Dave mount "Dave's usb key" you'd add
> > something like:
> >
> > Allow=dave:/org/freedesktop/Hal/devices/volume_dave_s_usb_key
>
> Where would you put that? Into the definition of
> 'hal-storage-removable-mount'? How would you be able to mount anything
> else then if you restrict it to dave and dave's usb key? You cannot
> introduce another privilege file as hal-storage-mount always asks
> for the 'hal-storage-removable-mount' privilege.
According to the spec
http://webcvs.freedesktop.org/hal/PolicyKit/doc/spec/polkit-spec.html?revision=1.7#id2992755
then
Allow=uid:joe uid:barry uid:dave:hal:///org/freedesktop/Hal/devices/volume_dave_s_usb_key
Deny=
would allow joe and barry to mount removable storage and only dave to
mount a specific device.
We can make this more complex if we want (introducing NOT operators) but
I'm not sure we want that. Another avenue is to change the way Allow and
Deny is processed so you can write
Allow=uid:__all__ uid:dave:hal:///org/freedesktop/Hal/devices/volume_dave_s_usb_key
Deny=uid:dave
The important thing really is to be able to map this sanely to some UI
that an admin can understand, e.g.
+------------------------------------------------+
| ( ) No user can mount fixed drives |
| ( ) Any user can mount fixed drives |
| (*) Restrict mounting of fixed drives to |
| the following users and groups: |
| +-------------------------------+ |
| | U davidz ^| |
| | U dilbert || |
| | G admins || |
| | G releng V| |
| +-------------------------------+ |
| [Delete] [Add Group] [Add User] |
| |
| ( ) No one can mount removable drives |
| ( ) Any user can mount removable drives |
| (*) Restrict mounting of removable drives to |
| the following users and groups: |
| +-------------------------------+ |
| | U jane ^| |
| | U john || |
| | G admins || |
| | G secretaries V| |
| +-------------------------------+ |
| [Delete] [Add Group] [Add User] |
| |
| [Close] |
+------------------------------------------------+
Once you have an idea of UI and the user experience an admin wants, it's
a lot easier to start talking about data formats. I don't pretend the
current Allow, Deny clauses and their semantics are 100% right -
suggestions welcome.
Oh, and as mentioned elsewhere I think the current implementation of
PolicyKit will just ignore the resource thing though the API will still
expose it. That is because I'm not sure anyone needs a user experience
right now that is per-device. I could be wrong though, and if I am, we
can change the formats without changing the API.
Cheers,
David
More information about the hal
mailing list