On Mon, 2 Jul 2001 06:13, Judith Miner wrote:
> Speedman wrote:
> >> Restricted super user authority is a hallmark of *NIX, and is one of
>
> the primary reasons it is so stable.
> [snip]
> We promote the very same practice to home users in order to prevent
> kids, or other family members from installing some piece of hellware
> that guts Windows. <<
>
> I fully appreciate restricted authority in multiuser situations. One of
> the first things I noticed when I started using Linux was how great this
> would be where you share a computer with other family members. One of
> the problems Windows 9x users constantly face is how to keep their PCs
> safe from their children's "experiments." Or a family member does not
> exercise due caution with installing downloaded programs of uncertain
> origin or opens e-mail attachments without proper checking and the whole
> system winds up infected. In a multiuser family environment, I would
> certainly want "root" restricted to the *real* root (still me).
You make some good points here.
> But my situation is totally different. There are no other users, no
> children, no other family members using the computer. Why should I, the
> sole user, have to jump through hoops that are intended solely for the
> multiuser situation?
People seem to forget that the Internet is a network as well. Internet
security is amongst the most important types of security that are required.
Fine, your son/daughter/mother/father/dog/cat can't damage your system, but
what about all the skilful crackers out there just itching to break into a
new system?
> >> Don't hold your breath waiting for Linux distributors to remove su,
>
> and permission based file structures. <<
>
> I'm not suggesting anything of the sort. One of the obvious benefits of
> Linux is that you have more choices about how you set up your system.
> The goal of Linux-on-the-desktop should be to increase choices, not
> remove them. I wouldn't want any console- or command-line aficionado to
> lose one bit of this power.
>
> But if Linux advocates are serious about promoting Linux as an OS
> suitable for mainstream, non-networked desktop users, certain things
> have to change. I think a single user should have the *option* of
> setting up his or her system so that access to root's reserved functions
> are easy in some way other than always logging in as root.
Once again, this can be done with a combination of user permissions and tools
like kdesu and sudo.
> Anyway, this >> time proven and effective model << is already
> compromised on the desktop because any standalone sole user can do
> exactly what I have done--log in as root routinely. Now things are
> exactly as they are in Win 98SE, except my Internet access seems to be
> considerably less safe.
Your internet access less safe in GNU/Linux than in Windows? Give me a break!
Try using tools like InteractiveBastille to fortify your system. It may not
be the most user-friendly thing around, but it does what it is supposed to
do. Security cannot be sugar-coated too much, otherwise it wouldn't be secure
at all.
> >> If this concept had of been implemented in the 9x line of products
>
> (even though the underlying technology is absolute junk) I can hardly
> imagine how astronomical the world wide productivity gains would have
> been over the past seven years - compared to what has actually
> transpired. <<
>
> The 9x line of products was never designed to be a "safe" system and
> cannot be made so. Granted, Microsoft never made this crystal clear, but
> how incompetent would an IT person be who didn't know this? Networked
> business users should have been using the much safer NT or W2K, which
> *does* protect the vital core from user-induced disasters. For sole home
> users, though, the security features do NOT increase the system's
> reliability because the sole user can always do whatever root or
> administrator are allowed to do, including trashing the thing entirely.
The main point (among many others) of typing in a root password for a single
user system is to prevent *accidental* errors from occurring. It also forces
one to actually *think* about what they're doing, whereas otherwise (as a
normal user) they do not have to worry about this, and so can just get back
to work. The need to log into root should be rare -- the vast majority of
tasks can be done as a user. The main reason for logging in as root is to
(un)install RPMs. If you use userdrake to add yourself to the "urpmi" group
you can securely add rpms with "urpmi" and remove them with "urpme" -- all as
a normal user.
> >> I will bet a dime to a dollar that if you continue using *NIX, and
>
> don't respect it's structure you will end up w/ an unstable operating
> system just like Win 9x. <<
>
> What makes you think I have an unstable Win 9x system? I would never put
> up with such a thing. My Win 95b laptop is rock-solid and will go months
> between crashes. My 98SE desktop is not as stable, mostly because of
> some applications I run that are buggy. I know what they are but I want
> what they do, so I run them anyway, save often, and wait for the sky to
> fall. The crashes require a reboot but are nondestructive. When I read
> about people who crash four times a day or four times an hour, I can
> only wonder "why"? It doesn't have to be that way. Crashes on my 98SE
> are infrequent unless I run buggy programs.
I found that I could only get Win9x to be reasonably fast and stable if I
installed a minimal amount of applications. As soon as I installed bloatware
like MS Office I was doomed. I still keep a small Win98 partition around, for
emergencies only (if I accidentally mess up GNU/Linux). I keep this as
bare-bones as possible, using 98lite (http://www.98lite.net) to remove
Internet Explorer (I use Opera instead).
> If system resources are the problem, Windows 2000 will take care of that
> if the resource hogs and memory leakers must be used. I'm interested in
> having a fully functioning Linux desktop not because my Windows
> computers are unstable, but because I'm fed up with Microsoft's business
> practices. There are a lot more like me and Windows XP will bring even
> more of us out of the woodwork. We may try out Linux but we won't
> migrate to Linux if it doesn't develop a face that's friendlier to
> non-techie users.
>
> Since I can always do what root does, regardless of how I log in,
> "respecting Unix structures" is not going to prevent any instability I
> might inflict on the system. When root and user are the same, there IS
> no protection from what I might do in my ignorance. All I have to do is
> give my root password and I'm free to mess things up. So where is the
> protection in Unix structures? That's why I suggested some sort of
> warning message if "super user" tried to do something that could damage
> the system. At least I could think about it first.
See my comments above regarding this.
The "warning message" you suggest is actually more difficult to implement
than you may think. GNU/Linux is a highly modular, flexible system. Almost
everything has an alternative (even the kernel, since you can compile your
own or install a different version). It must be remembered that components
are made by many different people scattered across the globe. Consequently,
integration is difficult and the possible errors a user can commit are
endless. Conversely, Windows is monolithic and is totally designed by
Microsoft. This makes integration an easy task. Since just about all system
settings are centralised in their hideous registry, it is easy to put an
error message saying "Modifying the registry can ruin your system. Proceed?".
> Unix has never been presented as an option for a SOHO or home desktop.
> Linux, however, is actively positioning itself as an alternative for
> these users. If Linux wants to be an option as a desktop OS, some Linux
> proponents will have to face the reality of what this means for the
> features to which they are most attached. The features must stay there,
> but they are not necessarily appropriate for all users, at least in
> their naked form. That's what a good desktop GUI should do: present a
> friendly front end through which a non-techie user can manage the system
> without consoles, command lines, scripts, and a six-month course in Unix
> commands.
This will happen in time. However, don't expect the root-user dichotomy to
disappear. As I have mentioned above, this is a vital element to the security
(both physical and network, including Internet) and stability of an operating
system. Both Apple and Microsoft have recognised this, and have incorporated
such systems into their respective 'next-generation' operating systems,
namely MacOS X and Windows XP.
The era of the single-user OS is dying -- I suggest that you try to get used
to the multiple user idea. As I have mentioned above, tools designed to make
life easier for you are in abundance.
> --Judy Miner
--
Sridhar Dhanapalan.
"There are two major products that come from Berkeley:
LSD and UNIX. We don't believe this to be a coincidence."
-- Jeremy S. Anderson
