Xen schreef op 05-10-2016 3:32:
In short, the discrepancy between what a user can do and what root can
do, is too big.
The result of this is that most services are installed completely
system-wide and there is nothing less than that.
Now you may think containers are a solution to that but if you use e.g.
LXC for that you still have the same programs running equally
system-wide but now they are just doing that inside of a container.
That doesn't change the programs, you know.
In terms of logging: why is there not a daemon that can run for a user
specifically?
Why is there not a user fstab in which the user can specify mounts he or
she wants to use? It is possible for libpam-mount but not for regular
fstab.
Why are there so few user-oriented systems that a user can use in a
convenient smaller environment?
- there is no user init system, unless you run stuff through e.g.
.bashrc or some xinit script or whatever. That is extremely arcane and
impossible for a regular user to do.
- where are the services a user can configure, for example as part of
first logging on to a system? Why is there no "smaller version" of the
"greater system"?
If there was actually a good init system it would be dead easy to retain
the shape of it and just make a smaller version of it, for the user
specifically.
I am slightly aware of efforts in the past by some sponsor to the Linux
Foundation that wanted to lesson security in a certain sense by allowing
users to install packages and this effort was refuted by one of the
employees that was subsequently fired for it.
We still do not have user packages.
There are plenty of services that could run on unpriviledged ports just
as well as they could on privileged ones. There is absolutely no
requirement that something like Dokuwiki would require admin rights. So
why do we only have stuff admins can install?
This creates issues for wiki's notably because personal wikis are never
system-wide in concept and yet you cannot run them for your own user???
Suddenly your personal documents are maintained in /var/lib/something!!
I have been fighting this for a long time.
And now we have snaps but snaps are equally system-wide. Ubuntu's snappy
page mentions the following command:
$ snap install hello
But you can't actually do that.
error: access denied (try with sudo)
Oops, busted. You need a root prompt for that.
--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
