[NTLUG:Discuss] Last meeting, you CAN have hotplugged devices automount without desktop

Chris Cox cjcox at acm.org
Thu Jan 24 23:18:11 CST 2008


Robert Pearson wrote:
> On Jan 24, 2008 6:43 PM, Chris Cox <cjcox at acm.org> wrote:
>> Ted Gould wrote:
>>> On Wed, 2008-01-23 at 23:48 -0600, Jerome Haltom wrote:
>>>> Right now, at least in Gnome, this is not handled as well as it could
>>>> be. A process named gnome-volume-manager is responsible for acting on
>>>> the devices when they are inserted. There is no perfect mechanism to
>>>> identify which user should mount the device. Consequently it doesn't
>>>> work right when involving multiple users.
>>> How should it work with multiple users?  I believe that it'll mount as
>>> the user who is on the console today.
>> Which is arguably wrong as well.  Best thing to do is to realize that
>> devices coming into the computer could be utilized by more than one
>> person and simply maintain session state across the users to attempt
>> to avoid collision.  Of course user operations to a device are usually
>> multiple independent steps and not transactional in nature, so room
>> for error will always exist.
>>
>> So... if all of these "Kits" are simply designed to present
>> a session collision mechanism... fine.  They just shouldn't
>> strive to do the impossible (that results in failure).
>>
> 
> How would you control access to these devices to include some users
> and exclude others?

Well... my guess is that perhaps PolicyKit would allow one to
define devices for access differently between users.  Not exactly
the panacea everything to everyone idea... more like this user
can do these kinds of things with these kinds of devices.

> The problem I'm trying to solve is the Security / Identity Management
> of a "virtualized" Information resource.
> Sometimes it is impossible to know in advance "who" and at "what
> level" this Information will need to be accessed.

Very true.  Devices inherently belong to platforms, and NOT to
people.  Not sure about your case though.


> Sometimes these "virtualized" Information resources are accessed in
> "ad hoc" (unstructured) Information space and new Information is added
> to the space. Would simple legacy work in a case where the creation
> was a collaborative effort of many users?

I guess I need a more specific example (try to pick a good one that
best represents the problem you foresee happening).

> Perhaps there is a simple Security design. Sometimes I complicate things.
> The "Rule of Thumb" in the past was "Better Safe Than Sorry" so access
> was very restrictive for private Information in public places.

Complicated security implementations usually end up dying.  Just
my own observation.


