Re: More desktop security thoughts (was Re: GNOME privilege library)
- From: Alan Cox <alan lxorguk ukuu org uk>
- To: Mike Hearn <mike navi cx>
- Cc: desktop-devel-list gnome org
- Subject: Re: More desktop security thoughts (was Re: GNOME privilege library)
- Date: Thu, 13 Jan 2005 19:53:52 +0000
On Iau, 2005-01-13 at 20:23, Mike Hearn wrote:
> The root/user distinction is totally useless for home users, in fact it
> shouldn't even exist as there are limits to how much you can wallpaper
> over it. In home setups the users shouldn't ever be prompted for a
> password, there shouldn't even be a login screen if there's only one user.
> Maybe there's a BIOS lock to deter physical thieves, or a hard disk
> encryption lock to deter physical+information thieves, but from GNOMEs
> perspective there shouldn't be any prompting at all.
Disagree (although the pam security stuff can do this trivially if you
I think the administrative restrictions actually serve several purposes
1. They stop the user making large mistakes. That doesn't need a
password so much as a big read "are you an idiot today" button
2. Make it harder for viruses/trojans
3. Protect users from each other.
Many home systems are in the curious state where nobody cares if you
reconfigure networking, change ISP, add a new printer and so on (all the
things that get corporate IS upset). They do care if you delete other
users files or access them. It's not something the unix "root" world
really reflects either. Its a co-operative environment not unlike the
kinds of setup hackers used to run (ITS etc) rather than a control
environment. It still needs protection to assure users about privacy and
to ensure that even if the display size is wrong and they keyboard beeps
this week the user data is ok.
] [Thread Prev