DConf Database Suggestion

Jamie McCracken jamiemcc at blueyonder.co.uk
Mon Apr 11 13:04:19 EEST 2005

>>> For the specific task of lockdowns, etc, I find it unlikely that 
>>> SQL's GRANT functionality will be up to the task of handling the 
>>> granularity of ACL that a configuration system requires. Wouldn't 
>>> this only be able to, in effect, control SELECT, UPDATE and INSERT 
>>> across entire tables?
>> Yes thats right for individual users. But my understanding is there 
>> will be multiple tables -
>> 1) table for default settings
>> 2) table for specifying which keys a user can update and fixed values 
>> for ones they cant.
>> 3) a table to hold the actual key values a user is allowed to change.
>> A DBA would then revoke write priveleges for a user for tables 1 and 2 
>> and grant it for table 3.
>> Table 3 would also need to be prefixed/namespaced with the username so 
>> multiple user's settings can reside in the same database on the server.
> I personally think that here, you're getting very bogged down in the 
> implementation details of a system which doesn't exist.
> Moreover, I still don't see how that allows the administrator to force a 
> particular email client on a user whilst allowing them to change their 
> desktop background.

Okay let me clarify:

Table 1 is for basically the Gconf schema (or its equivalent). This 
table might be stored in a local database (or text file) so that if the 
sql server is down you still have emergency fallback values.

Table 2 is your ACL table and its here that you will specify which 
users/groups can update which keys - IOW for your example the email 
client to use would be specified in this table and the corresponding 
key(s) would be marked non configurable for the users/groups

Table 3 is for user configurable settings like as you specified  setting 
the desktop background. All keys not locked down in table 2 would be 
settable here. This is obviously a per user table.

> Finally, I think this sort of storage-level fiddling is largely similar 
> to telling UNIX admins to ignore the package manager. Yes, it's 
> possible, but it's rarely a good idea.

Well its no different for LDAP which the KDE folks would like. (I 
actually think remote admin is a core requirement for DConf and its a 
significant part of the "lets make sure DConf is better than what we 
currently have")


> Dave.

More information about the xdg mailing list