[RFC] User Accessible Filesystem Hierarchy Standard
Alan Cox
alan at redhat.com
Wed Apr 7 01:46:45 UTC 2004
On Tue, Apr 06, 2004 at 09:36:24PM -0400, Jamethiel Knorth wrote:
> Actually, the idea does allow people to install shared programs. Part of
> the purpose of this is that a user can install a shared program without
> escalating their privileges. Of course, a system can be set up to prevent
> this. The main advantage in a home environment is that, if a user does
> install something, it needn't be installed with root permissions.
Your typical home user will install prebuilt packages using the tools
provided with the system. In a non-home environment you rarely want users
installing anything, and with SELinux you can go so far as to make
just about anything user originated (scripts included, though it's a bit
tricky) non-executable. This is good as it turns "I got this cool Christmas
card and ran it" into "I asked the sysadmin why it wouldn't run and she told me
about trojans".
> Looking at the current situation with Windows, it's fairly reasonable to
> assume that regular users will intentionally install programs without
> properly checking what they are and who made them. If they do this with
> root privileges, the program could influence every portion of their system
> and this could cause catastrophic problems.
"Other people fire shotguns at random without warning, let's all do that"
Maybe there is an argument for a /usr/local/ with default labels that
prohibit privileged roles using the contents and which doesn't require
total superuser rights to write into.
That also solves
- The 10,000 private installations of epic problem
- The cross platform problem
- Non-exec /home
Alan
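The "Non-exec /home" point above is usually implemented as a mount option, and the easy way to check it is to read the options column of /proc/mounts. The script below is an added example, not code from the thread or from Fedora: it takes a constructed /proc/mounts-style sample (so it runs offline) and reports which of a few user-writable mount points still permit execution. The mount point list and the sample mount lines are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit mount points for the noexec option.
# SAMPLE_MOUNTS is a constructed /proc/mounts-style sample so the script runs offline;
# a real audit would pass the contents of /proc/mounts instead.
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,relatime 0 0
/dev/sda2 /home ext3 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /usr/local ext3 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0'

# mount_has_opt MOUNTPOINT OPTION [MOUNTS_TEXT]
# Prints "yes", "no" or "unmounted" and returns 0, 1 or 2 respectively.
# MOUNTS_TEXT defaults to the live /proc/mounts when not supplied.
mount_has_opt() {
    mp=$1; opt=$2; mounts=${3:-$(cat /proc/mounts)}
    # /proc/mounts fields: device mountpoint fstype options dump pass
    opts=$(printf '%s\n' "$mounts" | awk -v mp="$mp" '$2 == mp { print $4 }')
    if [ -z "$opts" ]; then
        echo unmounted; return 2
    fi
    # Surround with commas so "noexec" does not match inside another option name
    case ",$opts," in
        *",$opt,"*) echo yes; return 0 ;;
        *)          echo no;  return 1 ;;
    esac
}

# audit_exec_mounts MOUNTS_TEXT
# Lists the user-writable mount points (assumed list) that still permit execution,
# or that are not separate mounts and so inherit the parent filesystem's options.
audit_exec_mounts() {
    for mp in /home /usr/local /tmp; do
        state=$(mount_has_opt "$mp" noexec "$1") || true
        case $state in
            no)        printf '%s permits execution\n' "$mp" ;;
            unmounted) printf '%s is not a separate mount (inherits parent options)\n' "$mp" ;;
        esac
    done
}

# Usage against the constructed sample: only /usr/local is reported.
audit_exec_mounts "$SAMPLE_MOUNTS"
```

The comma-wrapping in the `case` pattern matters: a bare substring test would report "noexec" present for an option string that merely contains it in another word, while an exact option match does not. Note that noexec on a filesystem stops direct execution of files stored there, but interpreters can still read and run scripts from it; the SELinux labelling Alan mentions is what closes that gap.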