That's not quite true about RBAC - while there is nothing in GConf to deal with
RBAC, it *could* have an effect - if the RBAC role provides the user with the
ability to modify files in /etc - which is where the mandatory settings are
stored by default.
As Jeff says, there is the risk of inconsistency if a user is logged in, but in
normal use, a user shouldn't ever write a file to /etc, but in ${HOME}/.gconf.
An other issue is that the configuration in /etc generally isn't re-read until
AFTER the gconf daemon is restarted for a user - so this would mean that a
currently logged-in user would be unlikely to see the change until after they
logout and login again - but it could be forced by a user running :
gconftool-2 --shutdown
while would shutdown a running gconf2d daemon, which would be automatically
started again the next time a client app looks for a setting from it (which is
generally quite soon after the shutdown), and when it restarts the new settings
in /etc will be re-read.
APOC changes all of this (AFAIK) due to the settings being stored in LDAP rather
than files - but I don't know enough about APOC to be able to confirm that a
change to a mandatory setting would take immediate effect, anyone else know??
Hope that this helps,
Darren.
Jeff Cai wrote:
> I think GConf is mainly used by desktop applications. Currently, it
> seems independent of RBAC.
>
> The gconf changes usually can be valid only after restarting the
> application. This is the main reason that the Guide suggests all users
> are logged out and avoid system inconsistence.
>
> Jeff
>
> On Mon, 2007-10-15 at 08:45 -0700, Mike Kuhnkey wrote:
>> Quote from GConf Section of GNOME Administration Guide 2.14:
>>
>> Caution:
>> "Before changing mandatory preference values or default preference values
>> for users, ensure all users are logged out."
>>
>> How is this impacted by USER, assuming "root" role when root has been
>> converted to role in /etc/user_attr ?
>>
>> My environment(s) are SXDE-09/07 and Solaris 10 u4....should mandatory
>> values be configured/set prior to conversion of "root" to role?
>>
>>
>> This message posted from opensolaris.org
>> _______________________________________________
>> desktop-discuss mailing list
>> desktop-discuss at opensolaris.org
>
> _______________________________________________
> desktop-discuss mailing list
> desktop-discuss at opensolaris.org
