On Thursday 01 January 2009 12:34, Ian Clarke wrote: > 2008/12/31 Matthew Toseland <toad at amphibian.dyndns.org>: > > Various users complained about Freenet adding a user to run under. But I > > really don't see what we could do differently... one user said it changed the > > login screen for XP, I've heard this before too, it may be that there is no > > solution. :| > > IMHO this is yet another example of us trying to crow-bar third-party > software into behaving in a way that its not really designed to > behave, for (often dubious) reasons of "security". The result is that > we waste a lot of dev time kludging 3rd party software, we inevitably > piss off users who don't like it when software does this type of > thing, and the benefit is questionable.
Yeah, we should just ship the Ubuntu net-installer! :) > > We should ensure that Freenet is secure, but if we make it our problem > to ensure that every tool that might be used in conjunction with > Freenet is also secure, then we and our users are in for a world of > pain. Creating a user for Freenet isn't about security - well it partly is. Mostly it's about making it work AT ALL. If we start Freenet from the startup group, for example, it will severely break because of permissions problems when a different user logs in (and the only way to patch this up without breaking auto-update is to allow all users to modify code which is run on startup by all users!). Our two choices are to run as LocalSystem or a similar quasi-administrative services account or to run as a dedicated freenet user. Either way the user may not be able to kill Freenet in Task Manager. The fundamental problem here is that services are started by unkillable system users; we can switch to another user but only if we know its username and password, hence running as the installing user is nigh-on impossible. > > > "Difficult to understand how to execute on macs." > > True, Mac users have different expectations for how software is > installed - for example most Mac apps are installed by dragging the > application from a DMG virtual disk to their Applications folder. The > app then does one-time configuration stuff the first time its run. This again has severe permissions problems, however these *are* solvable on OS/X because it has cron: We simply always start Freenet as the user that installed it, on startup, whether or not the user has logged in, from cron, just like on unix. > Any Mac devs out there interested in packaging Freenet for the Mac? I'd be surprised, they tend to be even rarer than Windows devs. But if there are mac devs, please contact us! > > Ian. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 827 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20090102/2103caf3/attachment.pgp>
