[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: desktop security

On Sat, May 08, 2004 at 05:22:25PM +0200, C. Gatzemeier wrote:
> Am Friday 07 May 2004 19:54 schrieb Eduard Bloch:
> > > - The Desktop should generally equal (show) the $HOME directory btw.
> >
> > Parse error... or what is it good for?
> Oops, how did I slip that in there.
> I believe it is in many cases preferable to have the desktop show the content 
> of the $HOME directory instead of $HOME/Desktop. In many cases ~/Desktop is 
> an unecessary differentiation. Using $HOME would generate less confusion, 
> users get used to their homedir right away and are more likely to keep it 
> tidy. For KDE try putting 
> [Paths]
> Desktop=$HOME
> into ~/.kde/share/config/kdeglobals (or /etc/kde3/kdeglobals)


blackbird~$ ls | wc -l

I would be highly annoyed if I had 284 Icons on my desktop.

Sun threw insane amounts of money for usability studies on how GNOME can
be modified to be more usable. Seems having $HOME and $DESKTOP seperate
was deemed good.

> > > Depending on your preferences uncritical things like webbrowser or
> > > openoffice etc. can just be used out of the box, running as user "guest".
> > >  Other things like mail you may prefer running as a separate private id.
> >
> > I guess I know what you mean but I do not like it. Too confusing and too
> > high risk for potential security holes.
> Please elaborate. I would be interested why it would be more confusing/higher 
> risk then having to create a new user account for (each) guest you have at 
> home. (without all the things you've set up to work for you before)
> This idea was for a "just has to work" scenario *without* throwing system 
> restrictions out to "ease" things with bad side effects. In a case where 
> local access to the PC is considered save.
> It should just work securely for everyone at your home and if you want to 
> separate somthing more privately you run the program as or change completely 
> to a different user id.  It is defenitely more secure than just letting 
> anyone work under the same ID which would probably be the obvious choice for 
> many otherwise.

I can't really follow you here. Please consider the following

I'm logged into my box. A friend comes around and wants to check his

Do you propose to have the webbrowser run as 'guest' by default and if I
want to access privacy-sensible sites, I have to change to my own ID?

What's the problem with having a 'guest' user to which the $DISPLAY
should be switched, perhaps with a fast-user-switching tool.

Added IDs on the fly seems to be way more confusing to me, but perhaps
I've misunderstood you.

Michael Banck
Debian Developer

Reply to: