Re: multi-user, udev, consolkit, oh my

[Yan Seiner <yan@seiner.com>]

Kay Sievers wrote:
> On Sun, Nov 16, 2008 at 16:31, Yan Seiner <yan@seiner.com> wrote:
>   
>> I'm working on multi-user setups.
>>
>> I'd like to be assign some resources - like a USB hub - to a seat and have
>> hotplug for that hub work only for that seat.
>>
>> Currently, what happens is that a user plugs in a camera, and hal reports
>> the event.  All of the concurrent gnome-volume-manager instances then try to
>> grab that resource, and what results is a mess.
>>
>> consolekit has been suggested as a way to resolve this, but I can't figure
>> out how to use it.
>>     
>
> Yes, ConsoleKit/PolicyKit/HAL should be used as the basic
> infrastructure to properly assign ACL's to devices for specific users.
> ConsoleKit is the only way to track activitty of sessions, which is
> what you need for shared devices, to grant access only to active
> sessions. But I don't think anybody ever really used multi-seat
> setups, so there is likely stuff that needs to be implemented.
>
>   
>> googling around, I've found suggestions for using udev to limit access to
>> usb devices by creating a group that only has access to the usb subsystem.
>>
>> If I want to group some resources and only have those resources on behalf of
>> a specific user, and not any other, is there a way to do that?
>>     
>
> You can assign an owner or group to all devices below a specific USB
> hub. You onlt need to identify the hub reliably.
>
>   

Thanks for the information.  At least I'm on the right track...  I've 
been reading up on dbus and hal, but I can't really find how dbus, 
ConsoleKit, and hal all work together.  It looks like the policies in 
/etc/dbus-1/session.conf might do what I need, but I can't find any 
documentation on what policies are available and how to set them.

The overall idea is that we put up an X session on every available 
screen and ask the user to hit a specific key on the keyboard.  The key 
is different for each X session.  Once we have the keyboard event, we 
can tell which USB hub it came from and we can assign the USB hub it's 
plugged into to that seat.  We can then scan the hub for mouse, audio, 
mass storage, whatever and handle them on behalf of that user.

 From that point on, any event that takes place on that hub only gets 
handled by that user's session.  That's the long-term goal. Right now it 
would be nice just to be able to limit gnome-volume-manager to a single 
hub, even if I have to hard-code the hub in some config file.

I'm new to the whole dbus/hal thing so I would appreciate any pointers 
to docs or discussion that might help me out.

--Yan