Re: desktop security
On Sat, May 08, 2004 at 05:22:25PM +0200, C. Gatzemeier wrote:
> Am Friday 07 May 2004 19:54 schrieb Eduard Bloch:
> > > - The Desktop should generally equal (show) the $HOME directory btw.
> > Parse error... or what is it good for?
> Oops, how did I slip that in there.
> I believe it is in many cases preferable to have the desktop show the content
> of the $HOME directory instead of $HOME/Desktop. In many cases ~/Desktop is
> an unecessary differentiation. Using $HOME would generate less confusion,
> users get used to their homedir right away and are more likely to keep it
> tidy. For KDE try putting
> into ~/.kde/share/config/kdeglobals (or /etc/kde3/kdeglobals)
blackbird~$ ls | wc -l
I would be highly annoyed if I had 284 Icons on my desktop.
Sun threw insane amounts of money for usability studies on how GNOME can
be modified to be more usable. Seems having $HOME and $DESKTOP seperate
was deemed good.
> > > Depending on your preferences uncritical things like webbrowser or
> > > openoffice etc. can just be used out of the box, running as user "guest".
> > > Other things like mail you may prefer running as a separate private id.
> > I guess I know what you mean but I do not like it. Too confusing and too
> > high risk for potential security holes.
> Please elaborate. I would be interested why it would be more confusing/higher
> risk then having to create a new user account for (each) guest you have at
> home. (without all the things you've set up to work for you before)
> This idea was for a "just has to work" scenario *without* throwing system
> restrictions out to "ease" things with bad side effects. In a case where
> local access to the PC is considered save.
> It should just work securely for everyone at your home and if you want to
> separate somthing more privately you run the program as or change completely
> to a different user id. It is defenitely more secure than just letting
> anyone work under the same ID which would probably be the obvious choice for
> many otherwise.
I can't really follow you here. Please consider the following
I'm logged into my box. A friend comes around and wants to check his
Do you propose to have the webbrowser run as 'guest' by default and if I
want to access privacy-sensible sites, I have to change to my own ID?
What's the problem with having a 'guest' user to which the $DISPLAY
should be switched, perhaps with a fast-user-switching tool.
Added IDs on the fly seems to be way more confusing to me, but perhaps
I've misunderstood you.