Thomas Petazzoni wrote: > [...reordered last one first...] > I think it would be possible to have a installed package database per > user, and allow packages to be installed in the $HOME of the > users. The system administrator would have statistics about the > softwares installed by the users, and if a package is installed by > many users, he can decided to install it system-wide, and remove it > from the $HOME of the users. That is an interesting idea. I like it in theory. But I think it would be too hard to pull off at this time. The only way to do that would be if each user had their own chroot area. > to compile it by himself. My idea is to allow the user to use the > packaging system. What I do on my site is allow users 'sudo apt-get'. ...Pause for thought... It works well for me. YMMV. I have a few hundred people who all have desktop workstations which are primarily theirs alone. [We also queue jobs on their machines during idle times.] As long as everything works in general then both the users and myself are happy. The user perodically wants to install different new software on their machine. They could bother an admin or they could do it themselves. I make 'sudo apt-get' available to the desktop users and they can do it themself. Life is good. The users love this capability. What is the worst that can happen? Seriously, as long as they are using the package system they are in pretty good hands and it is difficult to break things in really bad ways. Remember that 'sudo apt-get' does not allow them to edit their sources.list file. (Well, yes there are ways, but users who know that already have full root.) So they can only get packages from known good repositories. This keeps them from pinning, pulling from sid, pulling from other back-port areas, etc. For that they have to talk to an admin and the needs get evaluated on a case by case bases. But generally the ten thousand packages in the main repositories keep them very happy. It is still possible that they will break their system. But then they have broken only their own system and not anyone else's system. They know they did it and so they have only them self to blame. This means the problem is self-correcting. Usually problems that do arise are easy to fix by using apt again to correct the problem. It is one of knowledge and not really one of a broken system. A few minutes from an admin and the machine is back in good shape again. Those problems are so easy to fix. What would we do in the extreme case where they have broken something so bad that we can't figure it out? Well, when that happens I will let you know. But my standard answer is that we would reflash their machine back to the standard image and restore their home directory from the daily backup and they would be back and running again in a few minutes. Using systemimager we can reflash a machine in around five minutes. Typing in the commands to restore their home directory takes another few minutes. But in around a half hour of wall clock time they can have a completely restored machine. You don't really want to make it easier than this or they would break things just because there was absolutely no penalty. Note that /var/backups has the current state of the machine by cron every night. This can be used to know what things the user has installed over and above your standard image. Although it is probably easier to install your own cron which dumps the package list directly and then just diff between it and your standard list. Bob
Attachment:
pgpLRr6CHe4QD.pgp
Description: PGP signature