On Thu, 17 Jul 2003, Andi Payn wrote:

> All users in a special group. At low security, this is everyone. At medium
> security, this is the msec admin. At high security, or expert install,
> whoever's installing needs to know what a group is and deal with it.
>
> This would be roughly equivalent to the system on Windows XP (except when
> installing on an NT/2K domain, where it gets more complicated and essentially
> doesn't work). My mother and sister share a computer, and they see the fact
> that whichever one of them is logged in can see and install the updates as a
> good thing.
>
But essentially the problem with Windows is that most users run with
administrative privileges all the time => virus propagation. This is
usually less of a problem on corporate networks, where only domain admins
have admin rights, but often they still run with admin rights as a general
rule. Luckily, 2/3rds of our admin users run under linux with unprivileged
accounts most of the time ;-).

BTW, this kind of touches on one of the issues I wanted to discuss, cc'ing
a few people who no longer read cooker, and it has to do with better
default rights management.

Under Windows, you can easily decide who should be able to do what kind of
thing (this is true also under linux). However, under Windows there are
good defaults. Such as Domain Admins can join any machine to a domain
(other users would have to be assigned the right to be able to join a
specific machine, or group of machines by ACLs in Active Directory).

We can achieve a lot of similar settings under Mandrake without too much
difficulty, via good default LDAP ACLs, and a good default sudo config
(even better would be sudo config in LDAP).

Anyway, I need to cover this in a separate thread, it's too complex for a
paragraph in another thread ....

> >> This assumes users are logging in and out of X on a regular basis. On
> >> many of my machines I don't for months at a time...
> >
> > But you are capable of writing a cron job to do it for you, which is why
> > you don't even need such a tool.
>
> There are many users who are not capable of writing a cron job, and who also
> stay logged in for weeks on end. The fact that you can do just this--that you
> almost never have to log out, much less reboot--is one of the selling points
> for converting to linux.
>
> If we tell people that they have to log out and back in periodically to check
> for updates, that won't sound good: "Oh, so linux is just like Windows, they
> just try to hide it better."
>

Uhhh, my solution (Basically the way RH does it) would avoid all of these
issues ...

> Buchan:
> > Remember that most of the time it should be running as a normal user,
> > and thus should not run 'urpmi.update' or anything else that requires
> > elevated privileges.
>
> The automated update system is useless if there's nothing automatically
> running urpmi.update every so often.

But, if we're talking an applet, the user the applet runs as should not in
general be able to run urpmi.update, it would just let the user know when
and why they would want to do so, and make it easy to do so.

> Maybe this should be installed as a
> weekly cron job for users who specify an "always on" connection, as an ifup
> script (that does nothing unless it's been more than, e.g., 6 days since last
> time) for those who specify a "dialup" connection?
>
> Whatever, it should be almost completely invisible to novice users.
>

But you also want to avoid being accused of installing "spyware" by
default. Being able to choose automated updates is something I would like
to see (so normal users get the solution I have in my cron script). But it
shouldn't be the default.

> Buchan:
> >> Has no-one on this list installed Redhat recently?
> Ben:
> > Why would I want to?
>
> To steal their best ideas--and, more importantly, to avoid their worst
> mistakes.
>

And to see just how much their redhat-config-samba sucks ;-). And how we
can improve on the authsetup (IIRC) tool (don't clobber user settings in
/etc/pam.d/system-auth).

> As for how to download and install packages, it might be nice to pre-download
> them (as XP does). (What if there are multiple users? Provide a directory
> under /var/tmp or something which all users have write access to, and
> download them there.) However, it's probably easier and safer to have
> MandrakeUpdate download the packages on demand (as root).

I agree, I wouldn't want MandrakeUpdate installing packages another user
could have crafted, and another user, not knowing the significance of rpm
signatures, installs by mistake ...

IMHO, there should be two solutions:

1) applet showing the user when they need to run updates, with an easy way
to launch MandrakeUpdate. It may be an idea to make it possible to do this
via sudo without a password, so users in a certain group can run it
without having to enter the root password?

2) The applet could also offer to set up automated updates, and in such a
case would only indicate the status of the updates (ie "updates ran
successfully last night, 3 packages were updated", or "the selected mirror
could not be contacted, please check your setup").

Regards,
Buchan

-- 
|----------------Registered Linux User #182071-----------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
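
The split discussed in this message (a root job that refreshes package sources only when enough days have passed, and an applet that merely reads the result as a normal user) can be sketched as follows. This is an added example, not code from the thread or from any Mandrake tool; `STATE_DIR`, the file names and the function names are assumptions, and only `urpmi.update` comes from the discussion.

```sh
#!/bin/sh
# Added example, not code from the thread. STATE_DIR and the function names
# are assumptions; MIN_DAYS follows the "more than 6 days" idea quoted above.
STATE_DIR="${STATE_DIR:-/var/lib/update-check}"  # root-owned, not /var/tmp
MIN_DAYS="${MIN_DAYS:-6}"
UPDATE_CMD="${UPDATE_CMD:-urpmi.update -a}"      # split on spaces when run

# Exit 0 when a run is due: no usable stamp, or stamp older than MIN_DAYS.
update_due() {
    stamp="$STATE_DIR/last-run"
    [ -f "$stamp" ] || return 0
    last=$(cat "$stamp")
    case "$last" in ''|*[!0-9]*) return 0 ;; esac   # corrupt stamp: due
    now=$(date +%s)
    [ $(( now - last )) -gt $(( MIN_DAYS * 86400 )) ]
}

# Privileged half, for root's cron or an ifup hook. Skips quietly when not
# due. The stamp is written only on success, so a failed dialup attempt is
# retried at the next ifup instead of waiting another MIN_DAYS.
run_if_due() {
    update_due || return 0
    mkdir -p "$STATE_DIR" || return 1
    umask 022   # users may read the status file but never write it
    if $UPDATE_CMD >/dev/null 2>&1; then
        date +%s > "$STATE_DIR/last-run"
        echo "ok: package sources refreshed" > "$STATE_DIR/status"
    else
        rc=$?
        echo "failed: update command exited with status $rc" > "$STATE_DIR/status"
        return 1
    fi
}

# Unprivileged half: all the applet needs is read access to one line of text.
applet_status() {
    cat "$STATE_DIR/status" 2>/dev/null || echo "unknown: no update run recorded"
}

# Stand-alone use: "sh update-check.sh --run" from cron or an ifup script.
if [ "${1:-}" = "--run" ]; then
    run_if_due
fi
```

Keeping the stamp and status files in a root-owned directory, rather than a shared writable one, means no other local user can alter what the applet reports or suppress the next run.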
