On Tue, Jul 28, 2015 at 9:43 AM, Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote:
> On Mon, Jul 27, 2015 at 08:07:32PM -0600, Chris Murphy wrote:
>> >> Not the user, the GUI asks a service to do the editing COW style -
>> >> write out a .new and once that succeeds, then rename current to old
>> >> and new to current.
>> > Yes, I assumed that. What if there is an existing configuration?
>> It would always use /etc/ssh/sshd_config whether it's the default
>> installed, or a user modified one. The GUI Remote Login toggle would
>> toggle both sshd.service stop/start/enable/disable states, and
>> AllowUsers list. So something has to be able to parse this file.
>
> I guess the main complication is making sure that AllowUsers occurs
> before any Match blocks. And avoiding any AllowGroups/DenyGroups
> complication.
>
> Oh! An alternative which avoids any file parsing or writing: add an
> "ssh-access" or similar group, configure default sshd_config with
> "AllowGroups ssh-access". (Could be a Workstation-only sshd_config.)

Maybe. Elsewhere I read that AllowUsers overrides AllowGroups. So as soon as you have AllowUsers chris, it basically ignores AllowGroups and only allows chris. But that's goofy if true.

> On another note, I see that _all_ of the other sharing options are
> actually _per network_. Maybe the "remote login" option should be the
> same?

Funny enough, I can't turn any of these services on, except Remote Login. The upper left slider in Personal File Sharing, Screen Sharing, and Media Sharing are all set to Off, grayed out, and can't be flipped to On. So I can't really explore the Networks interface in each of these. But my gut instinct is that sharing services UI should only be about configuring those services. Whether I want them available or not on certain networks is a function of my relative trust of the network I'm connected to, and hence that's a heuristically automagically managed firewalld thing. So I'd actually pull the Networks UI out of each of these rather than add it to Remote Login. I don't want to see such configuration choices in two UIs.

--
Chris Murphy
--
desktop mailing list
desktop@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/desktop
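
The edit discussed in this thread (one global AllowUsers line kept ahead of any Match block, written out as a .new file and then renamed into place), as an added example that is not part of the original message or of any Fedora or GNOME code. The function names and the sample configuration are constructed for illustration, and Include directives are assumed absent.

```python
import os
import re
import tempfile

def _keyword(line):
    """Lower-cased sshd_config keyword of a line, or None for blanks/comments."""
    s = line.strip()
    if not s or s.startswith("#"):
        return None
    return re.split(r"[\s=]", s, maxsplit=1)[0].lower()

def set_allow_users(config_text, users):
    """Return the config with a single global AllowUsers line before any Match."""
    lines = config_text.splitlines()
    # The global section ends at the first Match line; later lines are untouched,
    # so an AllowUsers inside a Match block keeps its per-block meaning.
    first_match = next(
        (i for i, l in enumerate(lines) if _keyword(l) == "match"), len(lines))
    head = [l for l in lines[:first_match] if _keyword(l) != "allowusers"]
    if users:
        head.append("AllowUsers " + " ".join(users))
    return "\n".join(head + lines[first_match:]) + "\n"

def write_cow(path, text):
    """Write path.new, then rename current to .old and .new to current."""
    new, old = path + ".new", path + ".old"
    with open(new, "w") as f:
        f.write(text)
        f.flush()
        os.fsync(f.fileno())      # the .new file must be on disk before renaming
    if os.path.exists(path):
        os.replace(path, old)
    os.replace(new, path)

# Constructed sample input, not a real host's configuration.
SAMPLE = ("# constructed sample\nPort 22\nallowusers olduser\n"
          "PermitRootLogin no\n\nMatch Address 10.0.0.0/8\n    AllowUsers backup\n")

def demo():
    """Apply the edit in a temporary directory; return (current, previous)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sshd_config")
        with open(path, "w") as f:
            f.write(SAMPLE)
        write_cow(path, set_allow_users(SAMPLE, ["chris"]))
        with open(path) as cur, open(path + ".old") as prev:
            return cur.read(), prev.read()
```

Before a service reloads sshd with the result, the new file can be checked with `sshd -t -f <file>`, which parses the configuration and exits non-zero on errors.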