Re: [sabayon] hello

[Herman Bos <hbos osso nl>]

Robert Taylor wrote:
> Neat.
>
> Thanks for the response thus far guys.
>
> Alexander, thank you for some of the points below, I have not considered
> a lot of the ideas you brought up.
>
> Indeed, I think I now am starting to understand where the complexity is.
>
> Allow me comment on only one point, that being the "anal desktop".  In
> my humble opinion, there is no such thing as a 'restricted desktop',
> there are only custom designed desktop environments designed for certain
> workflows and the administrators understanding/misunderstanding of the
> users needs.  Kiosks for example require different workflows and
> security needs from programmer desktops.  In our own pilot testing,
> CHOICE turns out to actually be a bad thing for our users, they say they
> want choice but it turns out what they really want is for all things to
> always be in the same place and work the same regardless of who the last
> employee using it was (even without logging out).
>
> My enthusiasm for lock down features does not revolve around disabling
> the user experience but around engineering workflows for different users
> and their needs. I have always thought of computers as 'interfaces to
> the mind' and thus thinking about engineering this interface to the mind
> on a needs basis is quite exciting, at least to me.
>
> I will take due note of some of your points and start testing them
> further, but in light of some of the things brought up, I would say
> Sabayon is essentially useless at this point.  If a user can bring in
> their own .gnome dir and run it, then effectively there is really no
> point to this whole project.  I don't know why this didn't occur to me
> before :)
>
> This brings up an additional point, why would anyone even bother to
> write such a tool that stores "lockdown" information in such a way that
> the user can change it if they know how?  Why bother even trying to lock
> anything down at all?
>
> I am going to have to consider overall security and workflow/lockdown
> issues further, perhaps redhat is right about linux not being ready for
> the desktop after all.
>
> - Robert
>
>   
I don't see sabayon as a security product. Ofcourse you can lockdown the
interface but you don't lockdown the machine or anything in a security
point of view.

Locking the interface is great as well. I am planning to use it to lock
the panels so users cannot remove them by accident and I want to remove
things of which I'm sure they don't need so it won't bring them any
confusion.

If some cases you might want some company wallpaper on all desktops or
something like that.

But whats wrong with the fact that the user can slightly modify his
desktop and make him/her feel more at home. Let them add some applets
(personally I would go nuts if I didn't have that windows selector
applet) or a nice wallpaper, they have to work on it, not me.

Ofcourse when an account is used by multiple users you might want to
make it really static though.

Using sabayon with LDAP is on my TODO list for a while now.
Unfortunately no time yet.

If you just want security use a security solution. There are plenty.
From SELinux, RSBAC, GRsecurity, vSecurity and Apparmor to setting the
right values in limits.conf.

Ideal for example is to set something like Trusted Path Execution, where
the user can only execute root owned files. So they can only run system
installed software.

I absolutely believe Linux is ready for the desktop (at least the
corporate desktop).

Regards,

Herman Bos