Sailfish OS
  • Info
  • User Experience
  • Cases
  • Community
  • Developers
  • Contact
  • Get Sailfish OS
Select Page
  • Info
  • User Experience
  • Cases
  • Community
  • Developers
  • Contact
  • Get Sailfish OS

API Documentation

Documentation for developing SailfishOS applications
  • API Documentation
  • Libsailfishapp
  • Sailfish Silica
    • Documentation
    • Icon Reference
  • Sailfish Components
    • Sailfish Accounts
    • Sailfish Bluetooth
    • Sailfish Contacts
    • Sailfish Crypto
    • Sailfish Gallery
    • Sailfish Media
    • Sailfish Pickers
    • Sailfish Secrets
    • Sailfish Share
    • Sailfish Telephony
    • Sailfish Webview
    • Amber Web Authorization
    • Amber MPRIS
  • Nemo QML Plugins
    • Configuration
    • Contacts
    • D-Bus
    • Keepalive
    • Notifications
    • Thumbnailer
  • Sailfish Middleware
    • MDM Framework
    • MDM Policy Framework
    • User Manager Daemon
  • API Documentation
  • Libsailfishapp
  • Sailfish Silica
    • Documentation
    • Icon Reference
  • Sailfish Components
    • Sailfish Accounts
    • Sailfish Bluetooth
    • Sailfish Contacts
    • Sailfish Crypto
    • Sailfish Gallery
    • Sailfish Media
    • Sailfish Pickers
    • Sailfish Secrets
    • Sailfish Share
    • Sailfish Telephony
    • Sailfish Webview
    • Amber Web Authorization
    • Amber MPRIS
  • Nemo QML Plugins
    • Configuration
    • Contacts
    • D-Bus
    • Keepalive
    • Notifications
    • Thumbnailer
  • Sailfish Middleware
    • MDM Framework
    • MDM Policy Framework
    • User Manager Daemon

Contents

  • Limiting account creation with MDM

Accounts

User accounts creation may be limited to user groups in account provider configuration with user-group: tag element. Accounts that need to be limited to arbitrary groups of users, should be using account groups. Account group's name must be provider name prefixed with account-.

For example for provider foo the group would be account-foo and there would be tag user-group:account-foo in foo.provider file:

 <?xml version="1.0" encoding="UTF-8" ?>
 <provider id="foo">
     <!-- ... skipped ... -->
     <tags>
         <!-- ... there could be other tag elements too ... -->
         <tag>user-group:account-foo</tag>
     </tags>
 </provider>

Account groups are created using /usr/libexec/manage-groups script during package installation and removed when the package is uninstalled. This means that the package must require that script for its post and postun scriptlets and run the necessary commands. Having following code in package specification file ensures that account groups are managed correctly:

 Requires(post): %{_libexecdir}/manage-groups
 Requires(postun): %{_libexecdir}/manage-groups

 # ... skipped ...

 %post
 %{_libexecdir}/manage-groups add account-foo || :

 %postun
 if [ "$1" -eq 0 ]; then
     %{_libexecdir}/manage-groups remove account-foo || :
 fi

If user is in that account-foo group, they may create account for that provider themselves using Settings application. Otherwise they won't even see the account provider in Settings.

Note: Account providers without account group may not be limited this way.

Limiting account creation with MDM

MDM can limit account creation by creating flag file /var/lib/sailfish-mdm/accounts-manage. This file can be created by MDM daemon dynamically or it can come from packaging but most importantly it should be empty.

Note: When MDM creates this file it commits to managing account groups itself. No user is automatically added to account groups when the file exists.

After this MDM may allow an user to create account from Settings by adding them to the respective account group. See User Manager Daemon documentation for more information on how to add users to groups.

  • Legal
  • Contact Us

  • Jollyboys Ltd © 2024

  • Facebook
  • Twitter
  • Mastodon
  • YouTube
  • LinkedIn