On Thu, Sep 17, 2009 at 2:11 PM, Tambet Ingo <[email protected]> wrote:
> On Thu, Sep 17, 2009 at 06:16, Bin Li <[email protected]> wrote:
>> To disallow users to define their own network configuration, I add a new
>> permission, org.freedesktop.network-manager-settings.user.modify, then link
>> to the add button, when the user have permission, he can add it, vice versa.
>> I've met a problem, the user's connection save in the gconf, and the user
>> can change the gconf with gconftool-2 without permission checking.
>> So are there any method to resolve this problem? And is it okay to do like
>> this? Any idea?
>
> This makes no sense. You can already lock GConf so there's no need to
> do anything for user settings. Just lock the /system/networking path
> in gconf and the settings can't be changed. The only thing you could
> improve, is to make sure nm-applet and nm-connection-editor handle it
> more gracefully, ie "gray out" the apply button etc...
>

I think it makes no sense to "gray out" the apply button etc. when the /system/networking path is locked, because if it is locked, all buttons should be grayed out. Maybe we should not show nm-connection-editor at all, as on average, if someone is not permitted to modify user settings, he or she would be denied from modifying the system settings.

And another aspect: I think we should leave the control on the NetworkManager side. As far as I know, all settings should be applied through NetworkManager. If we just lock gconf, people with malicious intent can still use a modified nm-applet to apply the user settings they want.

So I think there may be a policy action such as org.freedesktop.network-manager-settings.user.apply. Every time NetworkManager receives a request to apply the user settings, it should check the action. And nm-connection-editor also checks the action to set the button status.

Furthermore, maybe we split the policy into

org.freedesktop.network-manager-settings.user.wired.apply
org.freedesktop.network-manager-settings.user.wireless.apply
org.freedesktop.network-manager-settings.user.vpn.apply

etc...

What do you think?

> Tambet
> _______________________________________________
> NetworkManager-list mailing list
> [email protected]
> http://mail.gnome.org/mailman/listinfo/networkmanager-list
>

--
: Lance Wang 王伶卓
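
The per-type split proposed in the message above, written out as a polkit policy file. This is an added example, not part of the thread and not a file NetworkManager ships: the action ids are the ones proposed in the message, while the polkit-1 file format, the descriptions and the `<defaults>` values are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
  "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
  "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<!-- Hypothetical policy file: the action ids come from the proposal in the
     message; the default authorizations below are illustrative only. -->
<policyconfig>

  <!-- Wired: assumed low risk, allowed for the active local session. -->
  <action id="org.freedesktop.network-manager-settings.user.wired.apply">
    <description>Apply a user-defined wired connection</description>
    <message>Authorization is required to apply a user-defined wired connection</message>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>

  <!-- Wireless: assumed to need an administrator once per session. -->
  <action id="org.freedesktop.network-manager-settings.user.wireless.apply">
    <description>Apply a user-defined wireless connection</description>
    <message>Authorization is required to apply a user-defined wireless connection</message>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>

  <!-- VPN: assumed to need an administrator on every request. -->
  <action id="org.freedesktop.network-manager-settings.user.vpn.apply">
    <description>Apply a user-defined VPN connection</description>
    <message>Authorization is required to apply a user-defined VPN connection</message>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
  </action>

</policyconfig>
```

A file like this only declares the actions and their defaults. The decision is enforced only where the service handling the apply request asks polkit about the caller, so a client that skips its own UI check is still refused.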
