DConf Database Suggestion
Dave Cridland
dave at cridland.net
Mon Apr 11 11:37:35 EEST 2005
On Mon Apr 11 00:58:32 2005, Jamie McCracken wrote:
> Dave Cridland wrote:
>> On Sat Apr 9 11:56:22 2005, Jamie McCracken wrote:
>>
>>> I was wondering if it might be better to use libgda as an API to
>>> the backend rather than using the Sqlite API directly.
>>>
>>>
>> Probably, but I personally think it's way too early to be talking
>> about implementation details. Moreover:
>>
>>> One of the advantages of using a client/server RDBMS will be easy
>>> remote control and lockdown of settings. A DBA which most
>>> enterprises will have can easily use the SQL grant/revoke to
>>> prevent write access to tables that dconf utilises (something
>>> which might prove difficult to do with Sqlite as it has no user
>>> authentication). Indeed remote administration will also be most
>>> effective this way.
>>
>>
>> Since SQL doesn't have notifications, tweaking the configuration
>> via SQL will likely turn out to be a bad idea. You'll lose any
>> possibility of if-not-modified-since style functionality working,
>> in this case. Havoc will most likely say that this doesn't matter
>> - I think it does. Any administrator going behind the
>> configuration system's back deserves the problems it will cause.
>>
>>
> Most sql servers support event notification thereby allowing the
> client to listen on a tcp port for such events. A simple trigger on
> the table(s) is all thats needed to deliver such notification.
> THere is however no standard between servers for this communication
> so a propriety solution would be needed for each type of SQL server
> (unless a future libgda supports/abstracts this).
>
> I personally dont think notification is strictly needed here cause
> the kind of changes being made are more likely to be restrictions
> on what a user can change or changing defaults. User config changes
> would obviously not be initiated at the back end server.
> Centralised control and lockdown dont necessarily need notification.
>
>
Oh, I think they do.
>> FWIW, I'm pretty certain that, given the relative ease of handling
>> D-BUS interfaces from Python et al, a huge bunch of command-line
>> utilities for helping administrators manage the system will spring
>> up, and make hitting the config system's storage an ugly waste of
>> time anyway.
>
> Yes that will all help but remote admin really needs a
> client/server architecture and for easy mass changes to user
> settings a centralised DB. THis is meat and drink to a DBA. The
> decentralised route where the DConf DBs are local to a machine is
> not really suited for this and for a large enterprise it can be
> extremely painful to do this without a centralised form of control.
>
>
Yes, but given multiple implementations, etc, I suspect the tools
will exist anyway, and be much more convenient and considerably safer
than letting a DBA loose on the system.
>> For the specific task of lockdowns, etc, I find it unlikely that
>> SQL's GRANT functionality will be up to the task of handling the
>> granularity of ACL that a configuration system requires. Wouldn't
>> this only be able to, in effect, control SELECT, UPDATE and INSERT
>> across entire tables?
>
> Yes thats right for individual users. But my understanding is there
> will be multiple tables -
>
> 1) table for default settings
> 2) table for specifying which keys a user can update and fixed
> values for ones they cant.
> 3) a table to hold the actual key values a user is allowed to
> change.
>
> A DBA would then revoke write priveleges for a user for tables 1
> and 2 and grant it for table 3.
>
> Table 3 would also need to be prefixed/namespaced with the username
> so multiple user's settings can reside in the same database on the
> server.
I personally think that here, you're getting very bogged down in the
implementation details of a system which doesn't exist.
Moreover, I still don't see how that allows the administrator to
force a particular email client on a user whilst allowing them to
change their desktop background.
Finally, I think this sort of storage-level fiddling is largely
similar to telling UNIX admins to ignore the package manager. Yes,
it's possible, but it's rarely a good idea.
Dave.
More information about the xdg
mailing list