[PATCH] set required mount privileges via fdi file

Ludwig Nussel ludwig.nussel at suse.de
Thu Jul 27 06:50:05 PDT 2006


On Saturday 22 July 2006 19:36, David Zeuthen wrote:
> On Thu, 2006-07-20 at 09:43 +0200, Ludwig Nussel wrote:
> > On Wednesday 19 July 2006 18:34, Artem Kachitchkine wrote:
> > > > So in
> > > > order to only allow Dave to mount "Dave's usb key" you just have to
> > > > create an fdi file
> > > 
> > > I would expect that to manipulate _privileges_ you'd want to manipulate 
> > > _privilege_ files, not fdi files. I think "resources" serve the purpose 
> > > you describe, i.e. to allow Dave mount "Dave's usb key" you'd add 
> > > something like:
> > > 
> > > Allow=dave:/org/freedesktop/Hal/devices/volume_dave_s_usb_key
> > 
> > Where would you put that? Into the definition of
> > 'hal-storage-removable-mount'? How would you be able to mount anything
> > else then if you restrict it to dave and dave's usb key? You cannot
> > introduce another privilege file as hal-storage-mount always asks
> > for the 'hal-storage-removable-mount' privilege.
> 
> According to the spec
> 
>  http://webcvs.freedesktop.org/hal/PolicyKit/doc/spec/polkit-spec.html?revision=1.7#id2992755
> 
> then
> 
>  Allow=uid:joe uid:barry uid:dave:hal:///org/freedesktop/Hal/devices/volume_dave_s_usb_key
>  Deny=
> 
> would allow joe and barry to mount removable storage and only dave to
> mount a specific device. 
> 
> We can make this more complex if we want (introducing NOT operators) but
> I'm not sure we want that. Another avenue is to change the way Allow and
> Deny is processed so you can write
> 
>  Allow=uid:__all__ uid:dave:hal:///org/freedesktop/Hal/devices/volume_dave_s_usb_key
>  Deny=uid:dave

Ok, I had a different scenario in mind. I wanted all users, including
dave, to be able to mount removable storage devices with the exception
of dave's usb key. Only dave should be able to mount dave's usb key.

Anyways, of the configuration examples above the latter one does make more
sense for your scenario IMO.

> The important thing really is to be able to map this sanely to some UI
> that an admin can understand, e.g.
> 
>         +------------------------------------------------+
>         | ( ) No user can mount fixed drives             |
>         | ( ) Any user can mount fixed drives            |
>         | (*) Restrict mounting of fixed drives to       |
>         |      the following users and groups:           |
>         |      +-------------------------------+         |
>         |      | U davidz                     ^|         |
>         |      | U dilbert                    ||         |
>         |      | G admins                     ||         |
>         |      | G releng                     V|         |
>         |      +-------------------------------+         |
>         |       [Delete] [Add Group] [Add User]          |
>         |                                                |
>         | ( ) No one can mount removable drives          |
>         | ( ) Any user can mount removable drives        |
>         | (*) Restrict mounting of removable drives to   |
>         |      the following users and groups:           |
>         |      +-------------------------------+         |
>         |      | U jane                       ^|         |
>         |      | U john                       ||         |
>         |      | G admins                     ||         |
>         |      | G secretaries                V|         |
>         |      +-------------------------------+         |
>         |       [Delete] [Add Group] [Add User]          |
>         |                                                |
>         |                                        [Close] |
>         +------------------------------------------------+

I guess you need a third dimension in order to be able to also
express the relationship to desktop-console here :-) Admins for
example should probably be able to mount/burn a cdrom when logged in
via ssh whereas jane only needs to when logged in on :0.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   SUSE LINUX Products GmbH, Development
 V_/_  http://www.suse.de/
