hi,
On Wed, 2016-10-05 at 04:05 +0200, Xen wrote:
> Xen wrote on 05-10-2016 3:32:
> 
> > 
> > In short, the discrepancy between what a user can do and what root can
> > do, is too big.
> 
> The result of this is that most services are installed completely 
> system-wide and there is nothing less than that.

how would you deal with ... say 20 users all installing a mongodb
server on your multi user system that all want to use the same
privileged network port ?

> 
> Now you may think containers are a solution to that but if you use e.g.
> LXC for that you still have the same programs running equally
> system-wide but now they are just doing that inside of a container.
> 
> That doesn't change the programs, you know.

no, but it makes the above possible (by applying a container based sub-
network like ubuntu-fan does for example)... though note that snaps
have nothing to do with containers (quite the opposite actually).

> 
> In terms of logging: why is there not a daemon that can run for a user
> specifically?

there is ... see ~/.xsession-errors and ~/.cache/upstart/
(and there will be a systemd one as well, once switched to systemd user
sessions)

> 
> Why is there not a user fstab in which the user can specify mounts he or
> she wants to use? It is possible for libpam-mount but not for regular
> fstab.

simply because nobody had the balls yet to switch a system completely
to systemd.mount units i guess, but also because it is a security
nightmare to allow people to randomly mount/umount system disks (though
there is fstab-free mounting of USB disks today with udisks2 on every
standard ubuntu system (or flavour))... 

> 
> Why are there so few user-oriented systems that a user can use in a 
> convenient smaller environment?
> 
> - there is no user init system, unless you run stuff through e.g.
> .bashrc or some xinit script or whatever. That is extremely arcane and
> impossible for a regular user to do.

this is possible since ages, see 
http://upstart.ubuntu.com/cookbook/#session-job

also see https://cfp.systemd.io/en/systemdconf_2016/public/events/8
it is actively being worked on for systemd sessions ...

> 
> Suddenly your personal documents are maintained in /var/lib/something!!
> I have been fighting this for a long time.

you should really read up about snaps ... no user data lands in /var,
by default, user data goes to $SNAP_USER_DATA which is a subdir in your
home (unless you run a system wide daemon that was explicitly set up
for not doing that indeed)

> 
> And now we have snaps but snaps are equally system-wide. Ubuntu's snappy
> page mentions the following command:
> 
> $ snap install hello
> 
> But you can't actually do that.
> 
> error: access denied (try with sudo)
> 
> Oops, busted. You need a root prompt for that.
> 
the error is misleading ... if you use "snap login" to set up your U1
account, you can install snaps without root privs.

along with that click packages are user packages and being used in
ubuntu products on sale since 2015 (snaps will replace them
eventually).

ciao
        oli


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
