On Fri, Sep 18, 2009 at 16:10, Lance Wang <lance....@gmail.com> wrote:
> On Thu, Sep 17, 2009 at 2:11 PM, Tambet Ingo <tam...@gmail.com> wrote:
>> On Thu, Sep 17, 2009 at 06:16, Bin Li <libin.char...@gmail.com> wrote:
>>> To disallow users to define their own network configuration, I add a new
>>> permission, org.freedesktop.network-manager-settings.user.modify, then link
>>> to the add button, when the user has permission, he can add it, and vice versa.
>>> I've met a problem, the user's connection is saved in gconf, and the user
>>> can change the gconf with gconftool-2 without permission checking.
>>> So is there any method to resolve this problem? And is it okay to do like
>>> this? Any idea?
>>
>> This makes no sense. You can already lock GConf so there's no need to
>> do anything for user settings. Just lock the /system/networking path
>> in gconf and the settings can't be changed. The only thing you could
>> improve, is to make sure nm-applet and nm-connection-editor handle it
>> more gracefully, ie "gray out" the apply button etc...
>>
>
> It makes no sense to "gray out" the apply button etc, I think,

I'm sorry if I offended you, I didn't mean to.

> when the /system/networking path is locked. Because if it is locked
> all buttons should be grayed out. Maybe we should not show the
> nm-connection-editor, as on average if someone was not permitted to
> modify user settings, he or she would be denied to modify the system
> settings.
>
> And another aspect. I think we should leave the control in the
> NetworkManager side. As far as I know, all settings should be applied
> through NetworkManager. If we just lock gconf, people with malicious
> intent can still use modified nm-applet to apply the user settings
> they want. So I think there may be a policy action such as
> org.freedesktop.network-manager-settings.user.apply. Every time
> NetworkManager receives the request to apply the user settings, it
> should check the action. And nm-connection-editor also checks the
> action to set the button status. Furthermore maybe we split the
> policy to org.freedesktop.network-manager-settings.user.wired.apply
> org.freedesktop.network-manager-settings.user.wireless.apply
> org.freedesktop.network-manager-settings.user.vpn.apply etc...
>
> What do you think?

I think in situations you describe NM should not accept user connections
at all and rely only on system settings that already need root
privileges to change. I don't see why we need two duplicate systems for
controlling one thing.

Tambet
_______________________________________________
NetworkManager-list mailing list
NetworkManager-list@gnome.org
http://mail.gnome.org/mailman/listinfo/networkmanager-list