From: Dave Taht <dave.taht@gmail.com> To: Juliusz Chroboczek <jch@irif.fr> Cc: Jeroen van Veen <jvanveen@protonmail.com>, "galene@lists.galene.org" <galene@lists.galene.org> Subject: [Galene] Re: User management Date: Fri, 1 Oct 2021 07:05:27 -0700 [thread overview] Message-ID: <CAA93jw6oy3=w08wywTF41MCsajwxhJvZFjG34WV9mGBZ7Mochg@mail.gmail.com> (raw) In-Reply-To: <87pmsp3qnx.wl-jch@irif.fr> On Fri, Oct 1, 2021 at 4:55 AM Juliusz Chroboczek <jch@irif.fr> wrote: > > > Any thoughts on a separate users.json that contains entries like: > > > > [ > > {"name":"jeroen","password":"foobar","groups":{"pyrite": > > {"op":true,"presenter":true,"other":true}}}, > > {"name":"pyrite","password":"foobar","groups":{}} > > ] > > > > The idea is to be able to set permissions per group, while having only > > one user entry at a central place. > > I'm open to that. > > > After modifying users.json, there will be another action from the > > backend that updates all accompanying group files. As I understand it, > > there is only 1 administrator user defined in data/passwd? Would it be > > feasible to have multiple users in there, so each user can have an > > administrator flag? > > I think we should make the data/passwd file obsolete, and define the > administrator role per-user in the users.json file. > > > And what would be a good approach to delete or rename a group? Doing > > a request to the new group name works fine to make it available in the > > list, but I wonder what will happen to the group that is being > > renamed/deleted. > > The group will exist as long as there are users, but no new users should > be able to login. At least, that's the way the code was written, but > I don't recall if I've tested it. > > > Should I use protocol.js in the backend as well to connect to a group > > and kick all users out, before attempting to rename/delete it? > > I don't feel it's necesary, but it's up to you. > > > If so, would it be useful to have a 'hidden' user available that can act > > on behalf of the backend? > > No, please no hidden users -- normal users should have full visibility > into what's being done to them. If you need a system user, please make it > visible. Yes, no sneaky users please. It's really hard to trust other "modern" videoconferencing servers. In fact I was thinking perhaps that having a "jch-blessed" binary might be of use, but I have not the foggiest idea how to go about having a means to prove, e2e, that you are really talking to a trusted videoconferencing server. I did rather like the insertable streams idea: https://webrtchacks.com/true-end-to-end-encryption-with-webrtc-insertable-streams/ > -- Juliusz > _______________________________________________ > Galene mailing list -- galene@lists.galene.org > To unsubscribe send an email to galene-leave@lists.galene.org -- Fixing Starlink's Latencies: https://www.youtube.com/watch?v=c9gLo6Xrwgw Dave Täht CEO, TekLibre, LLC
next prev parent reply other threads:[~2021-10-01 14:05 UTC|newest] Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-09-28 18:29 [Galene] " Jeroen van Veen 2021-10-01 11:55 ` [Galene] " Juliusz Chroboczek 2021-10-01 14:05 ` Dave Taht [this message] 2021-10-01 14:20 ` [Galene] End-to-end encryption [was: User management] Juliusz Chroboczek 2021-10-01 14:38 ` [Galene] Re: End-to-end encryption Michael Ströder 2021-10-01 15:24 ` [Galene] Re: End-to-end encryption [was: User management] Dave Taht 2021-10-03 19:15 ` [Galene] Re: User management Jeroen van Veen 2021-10-26 19:02 ` [Galene] Config branch [was: User management] Juliusz Chroboczek 2021-10-27 18:23 ` [Galene] " Jeroen van Veen 2021-10-29 9:10 ` Jeroen van Veen 2021-10-29 17:52 ` Juliusz Chroboczek 2021-10-30 8:22 ` Jeroen van Veen 2021-10-01 14:43 ` [Galene] Re: User management Dernat Rémy 2021-10-03 19:15 ` Jeroen van Veen
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style List information: https://lists.galene.org/postorius/lists/galene.lists.galene.org/ * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to='CAA93jw6oy3=w08wywTF41MCsajwxhJvZFjG34WV9mGBZ7Mochg@mail.gmail.com' \ --to=dave.taht@gmail.com \ --cc=galene@lists.galene.org \ --cc=jch@irif.fr \ --cc=jvanveen@protonmail.com \ --subject='[Galene] Re: User management' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox