Hi all, In a deployment scenario, the desktop administrator should ideally be able to define a restricted set of directories which users in a profile will be able to view. For example, a user may only be allowed to view the contents of his home directory and its subdirectories.
I have been figuring out methods to implement this, and the general idea is something like this: 1. List of allowed directories are stored in GConf key /desktop/gnome/lockdown/allowed_dirs 2. gnome-settings-daemon reads this list and exports it via xsettings 3. nautilus uses gconf to read the list and allows access for users while the gtk+ filechooser (using the GNOME-VFS backend) reads it from xsettings 4. additionally both of the above use gnome-vfs to figure out user-visible volumes and allow access to them since policy on those are set by HAL anyway.. However, I have been wondering if it is a better idea to check for allowed directories from within GNOME-VFS itself. A downside to this might be that applications that may use gnome-vfs to read config files/etc outside the set of allowed directories might break - but I'm not sure whether apps do use gnome-vfs to access such files. The advantage on the other hand would be that I do not have to fiddle around with gnome-settings-daemon or xsettings, since the policies would automatically be applicable for the gnome-vfs based backend of the filechooser (I'm ignoring the unix backend). Thoughts/comments/suggestions are welcome :-). Cheers, Sayamindu -- Sayamindu Dasgupta [http://sayamindu.randomink.org/ramblings] -- nautilus-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/nautilus-list
