At 02:39 07/09/2006, you wrote:
On Wed, 2006-09-06 at 19:49 -0500, Michael Yep wrote: > Users should run as restricted users When I was running Window NT, I did that, and it worked great, but when I "upgraded" to XP I found it was totally impossible to do anything and eventually gave up trying and just made my "normal" user an administrator.
I've got the same problem here (at work). Unfortunately like many others I have to use XP. Also unfortunately I need to use old software, which probably pre-dates windows 98. It works OK most of the time, but won't work at all in the "normal" user mode so I have to permanently work as an administrator.
The important difference is, I think, that until XP (in my experience which excludes NT) windows has always been totally insecure (which isn't saying that XP is totally secure) whilst Unix/Linux has always been secure by default. So applications for windows have traditionally been written to run in an insecure environment and generations of computer users don't have the first clue about security. Which as we've seen in recent years is a recipe for disaster.
So, if we the Linux community can manage to persuade computer users to switch from windows to Linux we've then got a problem with people who don't understand security. If they've always run windows in supervisor mode then they'll just run Linux as root user because they don't know or understand the reasons why that is A BAD THING.
It all boils down to education. If a Linux user can manage to turn a windows user away from the Dark Side then that's very good. But with that power comes responsibility - the responsibility to educate new users to run the operating system correctly and safely.
Would it be a good idea for FC to incorporate a "nag screen" that pops up with a security lecture if the system is logged in as root for longer than, say, 20 minutes at a time? Or is used to run desktop applications such as Open Office or The GIMP?
Dave F -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list