Darren comments below:
On Tue, 2007-10-16 at 08:02 +0100, Darren Kenny wrote:
> That's not quite true about RBAC - while there is nothing in GConf to deal
> with
> RBAC, it *could* have an effect - if the RBAC role provides the user with the
> ability to modify files in /etc - which is where the mandatory settings are
> stored by default.
But currently could RBAC control the access to the directory /etc? I
mean, have gconf-editor already supported RBAC? I can also use vi to
change gconf file only if I have the permission of writing the
directory /etc. This doesn't relate with RBAC.
>
> As Jeff says, there is the risk of inconsistency if a user is logged in, but
> in
> normal use, a user shouldn't ever write a file to /etc, but in ${HOME}/.gconf.
>
> An other issue is that the configuration in /etc generally isn't re-read until
> AFTER the gconf daemon is restarted for a user - so this would mean that a
> currently logged-in user would be unlikely to see the change until after they
> logout and login again - but it could be forced by a user running :
>
> gconftool-2 --shutdown
>
> while would shutdown a running gconf2d daemon, which would be automatically
> started again the next time a client app looks for a setting from it (which is
> generally quite soon after the shutdown), and when it restarts the new
> settings
> in /etc will be re-read.
>
> APOC changes all of this (AFAIK) due to the settings being stored in LDAP
> rather
> than files - but I don't know enough about APOC to be able to confirm that a
> change to a mandatory setting would take immediate effect, anyone else know??
The answer is yes. Only if the application is able to listen to events
of value change of GConf. You can get more from
http://docs.sun.com/app/docs/doc/817-7573/ezswi?a=view
>
> Hope that this helps,
>
> Darren.
>
>
>
>
> Jeff Cai wrote:
> > I think GConf is mainly used by desktop applications. Currently, it
> > seems independent of RBAC.
> >
> > The gconf changes usually can be valid only after restarting the
> > application. This is the main reason that the Guide suggests all users
> > are logged out and avoid system inconsistence.
> >
> > Jeff
> >
> > On Mon, 2007-10-15 at 08:45 -0700, Mike Kuhnkey wrote:
> >> Quote from GConf Section of GNOME Administration Guide 2.14:
> >>
> >> Caution:
> >> "Before changing mandatory preference values or default preference values
> >> for users, ensure all users are logged out."
> >>
> >> How is this impacted by USER, assuming "root" role when root has been
> >> converted to role in /etc/user_attr ?
> >>
> >> My environment(s) are SXDE-09/07 and Solaris 10 u4....should mandatory
> >> values be configured/set prior to conversion of "root" to role?
> >>
> >>
> >> This message posted from opensolaris.org
> >> _______________________________________________
> >> desktop-discuss mailing list
> >> desktop-discuss at opensolaris.org
> >
> > _______________________________________________
> > desktop-discuss mailing list
> > desktop-discuss at opensolaris.org
