[Bugs] #1884 UNSP: use system settings instead of user settings for NetworkManager

Sugar Labs Bugs bugtracker-noreply at sugarlabs.org
Wed Mar 31 16:30:56 EDT 2010


#1884: use system settings instead of user settings for NetworkManager
------------------------------------------+---------------------------------
    Reporter:  sascha_silbe               |          Owner:  tomeu            
        Type:  enhancement                |         Status:  new              
    Priority:  Unspecified by Maintainer  |      Milestone:  0.90             
   Component:  sugar                      |        Version:  Git as of bugdate
    Severity:  Major                      |       Keywords:                   
Distribution:  Unspecified                |   Status_field:  New              
------------------------------------------+---------------------------------
 I was perfectly sure I had already filed this as a Trac ticket, with quite
 some elaboration - but cannot find it anywhere. :-/

 For storing network connection information we should use
 [http://live.gnome.org/NetworkManager/SystemSettings system settings] by
 default, not [http://live.gnome.org/NetworkManagerConfiguration user
 settings]. Currently we don't support the former at all (whereas the Gnome
 UI allows the user to tick a checkbox during configuration to choose
 between the two).

 Using system settings allows NetworkManager to connect to the network
 indepently of any user being logged in. Some of the benefits:

 1. Ability to ssh into a machine where Sugar is broken (=> no network at
 all with the current "user settings" strategy).
 2. No connection loss on restart of Sugar.
 3. Automated tools (e.g. NTP, IPv6 tunnel) might get a network connection
 during boot.
 4. Faster collaboration startup.
 5. Bugs in our implementation of the user settings won't hit the majority
 of users. ;)

 I consider it not to be a security issue due to the (assumed) distribution
 of use cases:

 1. Most computers (laptops and desktops) that run Sugar are single-user;
 everyone who can (physically) log in to the machine is going to be trusted
 to ''use'' any configured network connection (though not read the password
 - but given the way the
 [http://live.gnome.org/NetworkManagerDBusInterface/Late..g.freedesktop.NetworkManagerSettings.Connection.Secrets
 NetworkManager D-Bus API] is structured that shouldn't be an issue)
 2. Most multi-user machines will handle the network connection as part of
 the system setup and not run NetworkManager resp. not allow users to
 fiddle with the network connection at all. This especially includes LTSP-
 style setups.
 3. The remaining fraction of systems is rather likely to have experienced
 system administrators willing and able to lock down the system on their
 own, including modifying D-Bus / PolicyKit configs to fit their needs.

 Disadvantages:
 1. Requires D-Bus or PolicyKit configuration to allow the Sugar user to
 access NetworkManager system settings. OTOH we already require D-Bus
 configuration to allow the Sugar user to access NetworkManager user
 settings.

-- 
Ticket URL: <https://bugs.sugarlabs.org/ticket/1884>
Sugar Labs <http://sugarlabs.org/>
Sugar Labs bug tracking system


More information about the Bugs mailing list