On Fri, Sep 4, 2009 at 1:29 AM, Dan Williams <d...@redhat.com> wrote:
> On Tue, 2009-09-01 at 15:12 +0800, Bin Li wrote: > > Hi, > > > > NetworkManager currently only supports one PolicyKit privilege. That > > is whether a user is allowed to modify administrator defined > > connections or not. There is no way to disallow users to define their > > own network configurations. > > Right, we do want to do this. I think it's more possible with NM 0.8 > and PolicyKit 1.0 where the actual authentication is simpler. Having > finer grained permissions was always the plan. > > To disallow activation of user connections, we'd want to add a PolicyKit > permission for it, and then do the corresponding work in nm-manager.c's > impl_activate_connection() handler. We'd also want to make the Policy > object ignore user connections when selecting which connections to > connect to automatically, and also set a "permissions" bit in the system > settings service to indicate that user connections weren't allows so the > UI can update accordingly. > Dan, To disallow users to define their own network configuration, I add a new permission, org.freedesktop.network-manager-settings.user.modify, then link to the add button, when the user have permission, he can add it, vice versa. I've met a problem, the user's connection save in the gconf, and the user can change the gconf with gconftool-2 without permission checking. So are there any method to resolve this problem? And is it okay to do like this? Any idea? And I've a simple use-case that disallow workers on centrally administered machines to configure different network settings. Thanks!
_______________________________________________ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list