Most common and uncommon installation method for Acrobat Reader

Mon Jul 18 17:31:32 UTC 2005

On 7/18/05, Alan Cox <alan at lxorguk.ukuu.org.uk> wrote:
> On Llu, 2005-07-18 at 07:30 -0600, Samartha wrote:
> > My guess is that it's much less than 5 % of all Linux installations of
> > Acrobat Reader possibly doing this.
> 
> I would suspect most technically aware users don't use acrobat reader
> because of the javascript problems.

Annoyingly enough, there are no OSS pdf reader programs that provide
all features expected by users, so there are some technically aware
people out there using Adobe's Reader. (At least, this was true when I
surveyed them all about 4 months ago.)

> 
> > Now, my co-worker proclaims that this (under a user's home directory) is
> > the common method to install Acrobat Reader under Linux and this opinion
> > is percolated up the management hierarchy.

This seems a little crazy to me. In most businesses, some computers
are at least occasionally shared. I don't want to set up any
application specially for anyone who might log on. I want every
computer to work for anyone who might log on.

Even if you're not sharing, aren't you imaging? You can't set up an
image for a new computer install if the apps have to go into user's
homedirs.

Even if you're allowing users to install their own software (which is
horrifying to me, but often a reality), any app that is likely to be
used by most people should be part of your default installs. And
asking users to do the installs (the usual rationale for homedir
installation) is a recipe for a support call, and security holes (as
Alan Cox noted).

> 
> I think you'll find a mix that varies between sites where users personal
> file store is mounted "noexec" to keep the slaves at work and home
> systems where the user is root and can do as they like
> 
> It is bad security practice to allow end users random software
> installations because it becomes impossible to pull a package or update
> all copies of it reliably if there is a security hole. It's one of the
> big problems many Windows environments face and it isn't directly a
> Microsoft caused problem.

Indeed. One of the hardest things we did here, but one of the most
important and valuable, was to remove this right from the users here.
Windows gives admins the ability to keep users from running
installers, but can't stop users from running a stand-alone exe (to
the best of my knowledge). noexec mounting is better.