Re: desktop security

To: debian-desktop@lists.debian.org
Cc: Custom Debian Distributions <debian-custom@lists.debian.org>
Subject: Re: desktop security
From: Eduard Bloch <edi@gmx.de>
Date: Fri, 7 May 2004 19:54:10 +0200
Message-id: <20040507175409.GA28572@zombie.inka.de>
In-reply-to: <200405071818.01928.c.gatzemeier@tu-bs.de>
References: <408FE8F4.9080402@cox.net> <409289C1.8000502@cox.net> <20040507123554.GA2876@zombie.inka.de> <200405071818.01928.c.gatzemeier@tu-bs.de>

Moin C.!
C. Gatzemeier schrieb am Freitag, den 07. Mai 2004:

> Am Friday 07 May 2004 14:35 schrieb Eduard Bloch:
> 
> > This may be the right time to remember a (not existing yet) package
> > "user-friendly" which should do such things.
> 
> Good idea, rather make permissions obvious to understand and easy to manage 
> than leaving their benefits aside for the sake of "ease".
> 
> Some ideas for desktop UI improvements I've gathered so far:
> 
> - right click "run program as ..." different user support

Good idea, but dependent on the Desktop Environment extensions.

> - instead of failing, filebrowsers should prompt for the password to enter a 
> directory or open/start a personal file with (like opening  the accounting 
> data).

Requires cooperation with upstream developers. Feasible, but a bit
outside of our scope.

> Imagine having this available upon automatic login into a fairly restricted 
> guest account that could have /home set as $HOME
> 
> - The Desktop should generally equal (show) the $HOME directory btw.

Parse error... or what is it good for?

> Depending on your preferences uncritical things like webbrowser or openoffice 
> etc. can just be used out of the box, running as user "guest".  Other things 
> like mail you may prefer running as a separate private id.

I guess I know what you mean but I do not like it. Too confusing and too
high risk for potential security holes.

> Combine this with fast user switching to completly change the user identity to 
> a personal one and the system should be quite usable.

That's a different story. I remember discussions on -devel where people
suggested to create an extended login manager that proxies and jumps
between running X sessions (just like Windows XP Home does). Would be
great, IMHO.

> > a) to work around limitations caused by our current package
> > relationships (eg. install localisation packages depending on locale and
> > installed packages, eg. OpenOffice, Mozilla, KDE-i18n packs, 
> 
> That is quite a general requirement. Shouldn't work on debtag support solve 
> this?

The tags do not solve anything on their own (are not precise enough,
imo), but they could be used as a criterium for user-friendly's
decissions.

> > b) automate parts of configuration that many users (especially desktop
> > users) do, like adding the new users to new device groups or adding sudo
> > commands for special apps.
> 
> Probably something not only debian-desktop but all customized debian 
> distributions[1] and admins in general are interested in, maybe even some cdd 

Indeed, CDDs could profit from this development.

> helper package has already something in this direction. I also remember 
> reading something about upcoming adduser supporting "user profiles".

Hm. I would like to know more about that.

Regards,
Eduard.
-- 
Der Mensch ist nie besser und wärmer, als wenn er dem andern eine
Freude vorbereitet.
		-- Jean Paul

Reply to:

Follow-Ups:
- Re: desktop security
  - From: "C. Gatzemeier" <c.gatzemeier@tu-bs.de>

References:
- Re: desktop security
  - From: "C. Gatzemeier" <c.gatzemeier@tu-bs.de>

Prev by Date: CDD subset mirror neccessary?
Next by Date: Re: CDD subset mirror neccessary?
Previous by thread: Re: desktop security
Next by thread: Re: desktop security
Index(es):
- Date
- Thread