[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: desktop security

Am Friday 07 May 2004 19:54 schrieb Eduard Bloch:

> > - The Desktop should generally equal (show) the $HOME directory btw.
> Parse error... or what is it good for?

Oops, how did I slip that in there.
I believe it is in many cases preferable to have the desktop show the content 
of the $HOME directory instead of $HOME/Desktop. In many cases ~/Desktop is 
an unecessary differentiation. Using $HOME would generate less confusion, 
users get used to their homedir right away and are more likely to keep it 
tidy. For KDE try putting 


into ~/.kde/share/config/kdeglobals (or /etc/kde3/kdeglobals)

> > Depending on your preferences uncritical things like webbrowser or
> > openoffice etc. can just be used out of the box, running as user "guest".
> >  Other things like mail you may prefer running as a separate private id.
> I guess I know what you mean but I do not like it. Too confusing and too
> high risk for potential security holes.

Please elaborate. I would be interested why it would be more confusing/higher 
risk then having to create a new user account for (each) guest you have at 
home. (without all the things you've set up to work for you before)

This idea was for a "just has to work" scenario *without* throwing system 
restrictions out to "ease" things with bad side effects. In a case where 
local access to the PC is considered save.

It should just work securely for everyone at your home and if you want to 
separate somthing more privately you run the program as or change completely 
to a different user id.  It is defenitely more secure than just letting 
anyone work under the same ID which would probably be the obvious choice for 
many otherwise.

> The tags do not solve anything on their own (are not precise enough,
> imo), but they could be used as a criterium for user-friendly's
> decissions.

Sure, IIRC the precision isn't considered to be ready, and flexible anyway. 
Feedback is needed. Of course someone needs to implement support for debtags 
in the dependency resolution.


Reply to: