On Tue, Apr 06, 2004 at 09:36:24PM -0400, Jamethiel Knorth wrote:
> Actually, the idea does allow people to install shared programs. Part of
> the purpose of this is that a user can install a shared program without
> escalating their privileges. Of course, a system can be set up to prevent
> this. The main advantage in a home environment is that, if a user does
> install something, it needn't be installed with root permissions.

Your typical home user will install prebuilt packages using the tools provided with the system. In a non-home environment you rarely want users installing anything, and with SELinux you can go so far as to make just about anything user-originated (scripts included, though it's a bit tricky) non-executable. This is good as it turns "I got this cool Christmas card and ran it" into "I asked the sysadmin why it wouldn't run and she told me about trojans".

> Looking at the current situation with Windows, it's fairly reasonable to
> assume that regular users will intentionally install programs without
> properly checking what they are and who made them. If they do this with
> root privileges, the program could influence every portion of their system
> and this could cause catastrophic problems.

"Other people fire shotguns at random without warning, let's all do that"

Maybe there is an argument for a /usr/local/ with default labels that prohibit privileged roles using the contents and which doesn't require total superuser rights to write into. That also solves

- The 10,000 private installations of epic problem
- The cross platform problem
- Non-exec /home

Alan